Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2023-46234
Vulnerability from cvelistv5
Published
2023-10-26 14:31
Modified
2024-08-02 20:37
Severity ?
EPSS score ?
Summary
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | browserify | browserify-sign |
Version: >= 2.6.0, <= 4.2.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:40.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
},
{
"name": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5539"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "browserify-sign",
"vendor": "browserify",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.6.0, \u003c= 4.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "browserify-sign is a package to duplicate the functionality of node\u0027s crypto public key functions, much of this is based on Fedor Indutny\u0027s work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-26T14:31:35.895Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
},
{
"name": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html"
},
{
"url": "https://www.debian.org/security/2023/dsa-5539"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/"
}
],
"source": {
"advisory": "GHSA-x9w5-v3q2-3rhw",
"discovery": "UNKNOWN"
},
"title": "browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46234",
"datePublished": "2023-10-26T14:31:35.895Z",
"dateReserved": "2023-10-19T20:34:00.946Z",
"dateUpdated": "2024-08-02T20:37:40.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-46234\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-10-26T15:15:09.087\",\"lastModified\":\"2024-11-21T08:28:08.000\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"browserify-sign is a package to duplicate the functionality of node\u0027s crypto public key functions, much of this is based on Fedor Indutny\u0027s work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.\\n\"},{\"lang\":\"es\",\"value\":\"browserify-sign es un paquete para duplicar la funcionalidad de las funciones de clave p\u00fablica criptogr\u00e1fica del nodo, gran parte de esto se basa en el trabajo de Fedor Indutny en indutny/tls.js. Un problema de verificaci\u00f3n de l\u00edmite superior en la funci\u00f3n `dsaVerify` permite a un atacante construir firmas que pueden verificarse con \u00e9xito mediante cualquier clave p\u00fablica, lo que lleva a un ataque de falsificaci\u00f3n de firmas. Todos los lugares de este proyecto que implican la verificaci\u00f3n DSA de las firmas ingresadas por los usuarios se ver\u00e1n afectados por esta vulnerabilidad. Este problema se solucion\u00f3 en la versi\u00f3n 4.2.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:browserify:browserify-sign:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"4.2.2\",\"matchCriteriaId\":\"DE51BF6D-53CC-41A1-9530-BD9B1DCFBE6D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}],\"references\":[{\"url\":\"https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5539\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5539\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
ghsa-x9w5-v3q2-3rhw
Vulnerability from github
Published
2023-10-26 20:53
Modified
2024-02-28 03:30
Severity ?
Summary
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
Details
Summary
An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack.
Details
In dsaVerify function, it checks whether the value of the signature is legal by calling function checkValue, namely, whether r and s are both in the interval [1, q - 1]. However, the second line of the checkValue function wrongly checks the upper bound of the passed parameters, since the value of b.cmp(q) can only be 0, 1 and -1, and it can never be greater than q.
In this way, although the values of s cannot be 0, an attacker can achieve the same effect as zero by setting its value to q, and then send (r, s) = (1, q) to pass the verification of any public key.
Impact
All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability.
Fix PR:
Since the temporary private fork was deleted, here's a webarchive of the PR discussion and diff pages: PR webarchive.zip
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.1"
},
"ecosystem_specific": {
"affected_functions": [
"(browserify-sign).Verify"
]
},
"package": {
"ecosystem": "npm",
"name": "browserify-sign"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "4.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-46234"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-26T20:53:21Z",
"nvd_published_at": "2023-10-26T15:15:09Z",
"severity": "HIGH"
},
"details": "### Summary\nAn upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack.\n\n### Details\nIn `dsaVerify` function, it checks whether the value of the signature is legal by calling function `checkValue`, namely, whether `r` and `s` are both in the interval `[1, q - 1]`. However, the second line of the `checkValue` function wrongly checks the upper bound of the passed parameters, since the value of `b.cmp(q)` can only be `0`, `1` and `-1`, and it can never be greater than `q`. \n\nIn this way, although the values of `s` cannot be `0`, an attacker can achieve the same effect as zero by setting its value to `q`, and then send `(r, s) = (1, q)` to pass the verification of any public key.\n\n### Impact\nAll places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability.\n\n\n### Fix PR:\nSince the temporary private fork was deleted, here\u0027s a webarchive of the PR discussion and diff pages: [PR webarchive.zip](https://github.com/browserify/browserify-sign/files/13172957/PR.webarchive.zip)\n",
"id": "GHSA-x9w5-v3q2-3rhw",
"modified": "2024-02-28T03:30:30Z",
"published": "2023-10-26T20:53:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46234"
},
{
"type": "WEB",
"url": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30"
},
{
"type": "PACKAGE",
"url": "https://github.com/browserify/browserify-sign"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5539"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack"
}
wid-sec-w-2023-2782
Vulnerability from csaf_certbund
Published
2023-10-30 23:00
Modified
2024-05-30 22:00
Summary
Red Hat OpenShift distributed tracing: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift distributed tracing ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift distributed tracing ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2782 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2782.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2782 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2782"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-5ECC250449 vom 2024-02-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5ecc250449"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2023-10-30",
"url": "https://access.redhat.com/errata/RHSA-2023:6180"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2023-10-30",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246470"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6800-1 vom 2024-05-30",
"url": "https://ubuntu.com/security/notices/USN-6800-1"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift distributed tracing: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2024-05-30T22:00:00.000+00:00",
"generator": {
"date": "2024-05-31T09:08:12.156+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-2782",
"initial_release_date": "2023-10-30T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-30T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-11-08T23:00:00.000+00:00",
"number": "2",
"summary": "Anpassung im Text"
},
{
"date": "2024-02-19T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cdistributed tracing 2.9.0",
"product": {
"name": "Red Hat OpenShift \u003cdistributed tracing 2.9.0",
"product_id": "T031021",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:distributed_tracing_2.9.0"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46234",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat OpenShift distributed tracing. Dieser Fehler besteht im browserify-sign Knotenpaket aufgrund einer unsachgem\u00e4\u00dfen \u00dcberpr\u00fcfung der kryptografischen Signatur, die es erm\u00f6glicht, einen Signaturf\u00e4lschungsangriff auszuf\u00fchren, indem kryptografische Signaturen f\u00fcr DSA-Daten nicht korrekt \u00fcberpr\u00fcft werden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen und sich unbefugten Zugriff zu verschaffen."
}
],
"product_status": {
"known_affected": [
"T000126",
"74185"
]
},
"release_date": "2023-10-30T23:00:00Z",
"title": "CVE-2023-46234"
}
]
}
WID-SEC-W-2023-2782
Vulnerability from csaf_certbund
Published
2023-10-30 23:00
Modified
2024-05-30 22:00
Summary
Red Hat OpenShift distributed tracing: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift distributed tracing ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat OpenShift distributed tracing ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2782 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2782.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2782 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2782"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-5ECC250449 vom 2024-02-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5ecc250449"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2023-10-30",
"url": "https://access.redhat.com/errata/RHSA-2023:6180"
},
{
"category": "external",
"summary": "RedHat Security Advisory vom 2023-10-30",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246470"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6800-1 vom 2024-05-30",
"url": "https://ubuntu.com/security/notices/USN-6800-1"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift distributed tracing: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2024-05-30T22:00:00.000+00:00",
"generator": {
"date": "2024-05-31T09:08:12.156+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-2782",
"initial_release_date": "2023-10-30T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-30T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-11-08T23:00:00.000+00:00",
"number": "2",
"summary": "Anpassung im Text"
},
{
"date": "2024-02-19T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cdistributed tracing 2.9.0",
"product": {
"name": "Red Hat OpenShift \u003cdistributed tracing 2.9.0",
"product_id": "T031021",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:distributed_tracing_2.9.0"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46234",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat OpenShift distributed tracing. Dieser Fehler besteht im browserify-sign Knotenpaket aufgrund einer unsachgem\u00e4\u00dfen \u00dcberpr\u00fcfung der kryptografischen Signatur, die es erm\u00f6glicht, einen Signaturf\u00e4lschungsangriff auszuf\u00fchren, indem kryptografische Signaturen f\u00fcr DSA-Daten nicht korrekt \u00fcberpr\u00fcft werden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen und sich unbefugten Zugriff zu verschaffen."
}
],
"product_status": {
"known_affected": [
"T000126",
"74185"
]
},
"release_date": "2023-10-30T23:00:00Z",
"title": "CVE-2023-46234"
}
]
}
rhsa-2023_6180
Vulnerability from csaf_redhat
Published
2023-10-30 12:53
Modified
2024-12-10 16:36
Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing 2.9.0 containers security update
Notes
Topic
An update is now available for Red Hat Openshift distributed tracing 2.9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Release of Red Hat OpenShift distributed tracing provides these changes:
Security Fix(es):
* browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack (CVE-2023-46234)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Openshift distributed tracing 2.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of Red Hat OpenShift distributed tracing provides these changes:\n\nSecurity Fix(es):\n\n* browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack (CVE-2023-46234)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6180",
"url": "https://access.redhat.com/errata/RHSA-2023:6180"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2246470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246470"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6180.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing 2.9.0 containers security update",
"tracking": {
"current_release_date": "2024-12-10T16:36:54+00:00",
"generator": {
"date": "2024-12-10T16:36:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2023:6180",
"initial_release_date": "2023-10-30T12:53:43+00:00",
"revision_history": [
{
"date": "2023-10-30T12:53:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-30T12:53:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-10T16:36:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 2.9",
"product": {
"name": "Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"product": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"product_id": "rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-agent-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"product": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"product_id": "rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"product": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"product_id": "rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-collector-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"product": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"product_id": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"product": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"product_id": "rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"product": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"product_id": "rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-ingester-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"product": {
"name": "rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"product_id": "rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-operator-bundle\u0026tag=1.47.1-14"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"product": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"product_id": "rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-rhel8-operator\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"product": {
"name": "rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"product_id": "rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-query-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"product": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"product_id": "rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-operator-bundle\u0026tag=0.81.1-12"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"product": {
"name": "rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"product_id": "rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8\u0026tag=2.1.1-10"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"product": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"product_id": "rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-rhel8\u0026tag=742e3d3-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"product": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"product_id": "rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8\u0026tag=fe53f40-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"product": {
"name": "rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"product_id": "rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-operator-bundle\u0026tag=0.3.1-11"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"product": {
"name": "rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"product_id": "rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8-operator\u0026tag=0.3.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"product": {
"name": "rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"product_id": "rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-query-rhel8\u0026tag=0.3.1-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"product": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"product_id": "rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-agent-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"product": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"product_id": "rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"product": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"product_id": "rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-collector-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"product": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"product_id": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"product": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"product_id": "rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"product": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"product_id": "rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-ingester-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"product": {
"name": "rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"product_id": "rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-operator-bundle\u0026tag=1.47.1-14"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"product": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"product_id": "rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-rhel8-operator\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"product": {
"name": "rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"product_id": "rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-query-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"product_id": "rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-operator-bundle\u0026tag=0.81.1-12"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"product": {
"name": "rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"product_id": "rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8\u0026tag=2.1.1-10"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"product": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"product_id": "rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-rhel8\u0026tag=742e3d3-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"product": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"product_id": "rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8\u0026tag=fe53f40-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"product": {
"name": "rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"product_id": "rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-operator-bundle\u0026tag=0.3.1-11"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"product": {
"name": "rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"product_id": "rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8-operator\u0026tag=0.3.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"product": {
"name": "rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"product_id": "rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-query-rhel8\u0026tag=0.3.1-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"product": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"product_id": "rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-agent-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"product": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"product_id": "rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"product": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"product_id": "rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-collector-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"product": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"product_id": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"product": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"product_id": "rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"product": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"product_id": "rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-ingester-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"product": {
"name": "rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"product_id": "rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-operator-bundle\u0026tag=1.47.1-14"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"product": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"product_id": "rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-rhel8-operator\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"product": {
"name": "rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"product_id": "rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-query-rhel8\u0026tag=1.47.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"product": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"product_id": "rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-operator-bundle\u0026tag=0.81.1-12"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.81.1-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x",
"product": {
"name": "rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x",
"product_id": "rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8\u0026tag=2.1.1-10"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"product": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"product_id": "rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-rhel8\u0026tag=742e3d3-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"product": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"product_id": "rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8\u0026tag=fe53f40-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"product": {
"name": "rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"product_id": "rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-operator-bundle\u0026tag=0.3.1-11"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"product": {
"name": "rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"product_id": "rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8-operator\u0026tag=0.3.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"product": {
"name": "rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"product_id": "rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-query-rhel8\u0026tag=0.3.1-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x"
},
"product_reference": "rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64"
},
"product_reference": "rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le"
},
"product_reference": "rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le"
},
"product_reference": "rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64"
},
"product_reference": "rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x"
},
"product_reference": "rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le"
},
"product_reference": "rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x"
},
"product_reference": "rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64"
},
"product_reference": "rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le"
},
"product_reference": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x"
},
"product_reference": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64"
},
"product_reference": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le"
},
"product_reference": "rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x"
},
"product_reference": "rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64"
},
"product_reference": "rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le"
},
"product_reference": "rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x"
},
"product_reference": "rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64"
},
"product_reference": "rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64"
},
"product_reference": "rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le"
},
"product_reference": "rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x"
},
"product_reference": "rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le"
},
"product_reference": "rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x"
},
"product_reference": "rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64"
},
"product_reference": "rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64"
},
"product_reference": "rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x"
},
"product_reference": "rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le"
},
"product_reference": "rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x"
},
"product_reference": "rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64"
},
"product_reference": "rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x"
},
"product_reference": "rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le"
},
"product_reference": "rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64"
},
"product_reference": "rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le"
},
"product_reference": "rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64"
},
"product_reference": "rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x"
},
"product_reference": "rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le"
},
"product_reference": "rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x"
},
"product_reference": "rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64"
},
"product_reference": "rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le"
},
"product_reference": "rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x"
},
"product_reference": "rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64"
},
"product_reference": "rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le"
},
"product_reference": "rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64"
},
"product_reference": "rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x"
},
"product_reference": "rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64"
},
"product_reference": "rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le"
},
"product_reference": "rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x"
},
"product_reference": "rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46234",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2023-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in browserify-sign node package. This issue may allow a malicious user to execute a signature forgery attack by not correctly checking cryptographic signatures for DSA data, resulting in a jeopardized environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An attacker could impact the integrity of a server when handling unknown input due to the lack of DSA verification, for example, pretending to be a legitimate user, gaining unauthorized access. Therefore, the impact for this vulnerability is important.\n\nRed Hat Fuse 7 uses browserify-sign as a transitive development dependency, hence the Low impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-46234"
},
{
"category": "external",
"summary": "RHBZ#2246470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46234"
},
{
"category": "external",
"summary": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw",
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
}
],
"release_date": "2023-10-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-30T12:53:43+00:00",
"details": "To update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate RPMs being upgraded on your system.",
"product_ids": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6180"
},
{
"category": "workaround",
"details": "No current mitigation is yet available for this flaw.",
"product_ids": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:2619637d44fd87e5c07301de93841899fffc109dcfaff59d56349cedc208a679_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:7ebe5c551baccd151d6ef2120eb7009570b33647bfd6332320dfa0f5f661ed8a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:952f7701d0c1d8ac9c01c0b2ff9d28a4dad480fd34e68eef162e41b5bb0a17e1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:16934a17528d69fb0d39f605364fbc012a3e4d7401df45c91c995ac8ef9ed920_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:bb3e6e3b54c116d45c23154b3f3bd122a99a62ceb4499cd56774f1e0cec1c214_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:f99bb528c12edb65c36659a0a5d59d7a76449ce9649bf7c5be7b273f8485fc25_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:467961ec80abc54ee85939f0287041223b181bb7c9a622b556785ff1dd8119f5_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a7e722132e7a538443f59788b82edcc52f5ec22e9343725c4401c9bdf7093b9a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:df8436011b04ced795985116fff8eb5cc0009f0002ce9c000f9db741980b5a72_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43f26cad1cd0ea7e5ac2e605077302473382ab85b3f8da72e49c4dd06114dab2_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a3660137670fedc4e56ca656d56fb739c2fa48d9d0cf5f66fd150bd61365d5_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c3883a6c2f828592783cd1cd336c23a29245e9c45b10dd2b6d1aa8b86a670c31_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0c8511e092b0138282ce3997cf06d8ba5995b9aa17aa436bcb3eacad910ff54d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:5068337fc3ab78c2bed33b7eb0f1c1cf67c753a00c006e945aded3ecad884edc_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:ba453c045a93b2ac9e9a820ca616ea4af912972a99a5e4b07135658f1ddc752d_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:8341ef7ade15d0f823fb0ef8d1d2e2aab3f6078feae7a341a2f7b4c6bd94fba1_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f117be17c9d1713db3719e4e1a7eb3b4697f9c12ac176c311b4c5d6ee27e59f9_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:f72338e446068e2487de8f6eb2249a69e27f24523a771e8aba0fcc2fbf263fe8_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:5dfb4b1c8b7c835e0c493927cb5c22bc68989244e49e284f90a063d54c6d1aa9_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:a59c693b975fad667a6cfebed3e2cf564419baf0a10aa27b71a22581b789dc10_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:bf2cc048dd6e18cb05a17a6de1e45cabd734af0f88555d0c1057bf3b82ac1e0f_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4da3891b6d4df60dc7e0248bbb543d8363d32671bc3b0eb1671468dd4d3b7ebe_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:4e62b4264b5e4c63bc7d0cecf154dd481605e1d0ff94d563e9d6a8bc43c4835a_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:d9adfa493c64269d2ce744572d9a4c230e8a7c2503a35dbb3df5346e52a6dd2c_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:9198140a0252287e5114e04b97d5454227b51bac8fa4411dea1b0d0843f3c668_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:a9173c66a6929bf5fc689bd434203155e365d23e5e9ae7666d89224ec39df975_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e50b850a731b7ab45345ab4e9495e4806ac0c6f8ba9ae13b83673a3b06a014f9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:2adc2877050289ee2568c4f03ce171dc2c30bf86976fcc63c09bd0bf18b92cc4_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:73017b0ad2d4ea26900253abdc9a62d55a40ff04905a391e91610ad7a9d762d3_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:cb9a2f0df6852eb9d11deb8c4c14142bcae17a70301c55974fd0d87116814c9f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:0ec97472d9bb1d99bfc0653194acf1b44de185a9e63756fb692acaa713ade2db_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:33f921009c9baaf82d3d10406073e9da9b31540d6b3b421c7a3659e2d8310179_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:eaa126d86aecf2bd330f2234104a905a71ab280a4d74a2614d98daaf13e821e2_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:746f118b9224ba6a175526f265d956ae8ce6c7c170db2217bd34b028f03999af_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:8a237928d7c059ecd5d1f3aad89ab094a73452e221c133cd9c5c7689db9b87bf_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:ecead456f33621f78b97d0d151f816d39246af1ca69696616f033213791142dc_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ae1228eb0e7c975eeec459749408a70324245aa99fd41bce03cd9f45ceb42d0b_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:cbad12c58f243298974f51d2278730feb5fbb74cdc6de409dd0578794ab6c1a4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:dd22e49f8d5aa7f009169aec3c43e68307e0842cde9260a70dd424159e61c89d_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:3c15440847fbc38023d590dd5f93ee524f53e2999c4483cfb3ba9bbf6bba904f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:9e9d91554f5edb5a3e00f2a294056bb540ed1597fc8af5d44432ce81d54bf977_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ac25a060b441ba7b1a2f282083e0900f26d159a02486d85bf496c28ce61ad970_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:6df979ecc2195ddd8c1b84a0355fa4df58cf55c34f0b07669659d72501a701d4_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:a66560fd323c9cb1466ca2fede9111665cadfc1ddaf9ce28e0aad6fdddf89763_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:b6ec1460415bf8c69d82cf9267494dc5445242b6a0957318eae5bf333693cb2e_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:0d51e3a8b92cab3b8f5221fc076b2079a68e7ba75f7f3ecb9322fe7ba77e862f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:a602d31cee6906b1d0218de85403decb0155746990f9cd218731c7d4e717f1a1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b903b41e1096a25b53c5272c8457baa352e2c83fa997852d4a8ed614e2c02802_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:5aee6e4bfecba226d276b95c62a68a1b6d513d60c9c8aff84752725e6c01b8c0_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:a18638de4d39738b696f044e0d181fdeaf82499f2a2b4b46c07675db5fbe8c3f_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:e9615e41e857331edacf87fcd98ced0a50fba92757131fdb433ad3e9490e4dd7_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:29200f7311b63df76f6723878e4a8e2c315376b421e4e5febe2323a926d48594_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:42c59f6a87c791fd6a3e829af331e2c5778612f503b402c0a08278cc9dc09ef7_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:d557bf48ab4db2b2c98a65d1a028b7cde4363ee888c274d0629829c1b07977ef_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack"
}
]
}
gsd-2023-46234
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-46234",
"id": "GSD-2023-46234"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-46234"
],
"details": "browserify-sign is a package to duplicate the functionality of node\u0027s crypto public key functions, much of this is based on Fedor Indutny\u0027s work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.\n",
"id": "GSD-2023-46234",
"modified": "2023-12-13T01:20:53.400557Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-46234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "browserify-sign",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003e= 2.6.0, \u003c= 4.2.1"
}
]
}
}
]
},
"vendor_name": "browserify"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "browserify-sign is a package to duplicate the functionality of node\u0027s crypto public key functions, much of this is based on Fedor Indutny\u0027s work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.\n"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-347",
"lang": "eng",
"value": "CWE-347: Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw",
"refsource": "MISC",
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
},
{
"name": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30",
"refsource": "MISC",
"url": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html"
},
{
"name": "https://www.debian.org/security/2023/dsa-5539",
"refsource": "MISC",
"url": "https://www.debian.org/security/2023/dsa-5539"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/"
}
]
},
"source": {
"advisory": "GHSA-x9w5-v3q2-3rhw",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:browserify:browserify-sign:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "DE51BF6D-53CC-41A1-9530-BD9B1DCFBE6D",
"versionEndExcluding": "4.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "browserify-sign is a package to duplicate the functionality of node\u0027s crypto public key functions, much of this is based on Fedor Indutny\u0027s work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.\n"
},
{
"lang": "es",
"value": "browserify-sign es un paquete para duplicar la funcionalidad de las funciones de clave p\u00fablica criptogr\u00e1fica del nodo, gran parte de esto se basa en el trabajo de Fedor Indutny en indutny/tls.js. Un problema de verificaci\u00f3n de l\u00edmite superior en la funci\u00f3n `dsaVerify` permite a un atacante construir firmas que pueden verificarse con \u00e9xito mediante cualquier clave p\u00fablica, lo que lleva a un ataque de falsificaci\u00f3n de firmas. Todos los lugares de este proyecto que implican la verificaci\u00f3n DSA de las firmas ingresadas por los usuarios se ver\u00e1n afectados por esta vulnerabilidad. Este problema se solucion\u00f3 en la versi\u00f3n 4.2.2."
}
],
"id": "CVE-2023-46234",
"lastModified": "2024-02-28T03:15:07.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2023-10-26T15:15:09.087",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5539"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
}
}
}
NCSC-2024-0466
Vulnerability from csaf_ncscnl
Published
2024-12-06 13:05
Modified
2024-12-06 13:05
Summary
Kwetsbaarheden verholpen in Atlassian producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Atlassian heeft kwetsbaarheden verholpen in diverse producten als Jira, Bamboo en Confluence.
Interpretaties
De kwetsbaarheden bevinden zich in verschillende third party componenten van ontwikkelaars zoals Oracle, RedHat en het Apache consortium. Deze kwetsbaarheden kunnen leiden tot geheugenuitputting en Denial-of-Service (DoS) door onjuiste invoerbeperkingen. Aanvallers kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen, wat kan resulteren in systeeminstabiliteit en crashes.
Voor de kwetsbaarheden zijn door de diverse ontwikkelaars updates uitgebracht om ze te verhelpen. Atlassian heeft de updates verwerkt in de eigen producten.
Oplossingen
Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-755
Improper Handling of Exceptional Conditions
CWE-347
Improper Verification of Cryptographic Signature
CWE-1050
Excessive Platform Resource Consumption within a Loop
CWE-23
Relative Path Traversal
CWE-1333
Inefficient Regular Expression Complexity
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20
Improper Input Validation
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Atlassian heeft kwetsbaarheden verholpen in diverse producten als Jira, Bamboo en Confluence.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich in verschillende third party componenten van ontwikkelaars zoals Oracle, RedHat en het Apache consortium. Deze kwetsbaarheden kunnen leiden tot geheugenuitputting en Denial-of-Service (DoS) door onjuiste invoerbeperkingen. Aanvallers kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen, wat kan resulteren in systeeminstabiliteit en crashes.\nVoor de kwetsbaarheden zijn door de diverse ontwikkelaars updates uitgebracht om ze te verhelpen. Atlassian heeft de updates verwerkt in de eigen producten.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "general",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "general",
"text": "Excessive Platform Resource Consumption within a Loop",
"title": "CWE-1050"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - certbundde",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-19-2024-1456179091.html"
}
],
"title": "Kwetsbaarheden verholpen in Atlassian producten",
"tracking": {
"current_release_date": "2024-12-06T13:05:55.904619Z",
"id": "NCSC-2024-0466",
"initial_release_date": "2024-12-06T13:05:55.904619Z",
"revision_history": [
{
"date": "2024-12-06T13:05:55.904619Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "atlassian_bamboo__10.0.0",
"product": {
"name": "atlassian_bamboo__10.0.0",
"product_id": "CSAFPID-1645374",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bamboo__10.0.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bamboo__9.2.17",
"product": {
"name": "atlassian_bamboo__9.2.17",
"product_id": "CSAFPID-1621163",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bamboo__9.2.17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bamboo__9.6.4",
"product": {
"name": "atlassian_bamboo__9.6.4",
"product_id": "CSAFPID-1645371",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bamboo__9.6.4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bitbucket__8.19.9",
"product": {
"name": "atlassian_bitbucket__8.19.9",
"product_id": "CSAFPID-1645370",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bitbucket__8.19.9:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bitbucket__8.9.19",
"product": {
"name": "atlassian_bitbucket__8.9.19",
"product_id": "CSAFPID-1645373",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bitbucket__8.9.19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bitbucket__9.0.0",
"product": {
"name": "atlassian_bitbucket__9.0.0",
"product_id": "CSAFPID-1645372",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bitbucket__9.0.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__7.19.26",
"product": {
"name": "atlassian_confluence__7.19.26",
"product_id": "CSAFPID-1621160",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__7.19.26:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__7.19.26__lts_",
"product": {
"name": "atlassian_confluence__7.19.26__lts_",
"product_id": "CSAFPID-1621135",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__7.19.26__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__8.5.12",
"product": {
"name": "atlassian_confluence__8.5.12",
"product_id": "CSAFPID-1645510",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__8.5.12:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__8.5.14__lts_",
"product": {
"name": "atlassian_confluence__8.5.14__lts_",
"product_id": "CSAFPID-1621133",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__8.5.14__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__8.9.4",
"product": {
"name": "atlassian_confluence__8.9.4",
"product_id": "CSAFPID-1645509",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__8.9.4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__9.0.1",
"product": {
"name": "atlassian_confluence__9.0.1",
"product_id": "CSAFPID-1621161",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__9.0.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence_data_center__9.0.1",
"product": {
"name": "atlassian_confluence_data_center__9.0.1",
"product_id": "CSAFPID-1621140",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence_data_center__9.0.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software__9.12.12__lts_",
"product": {
"name": "atlassian_jira_software__9.12.12__lts_",
"product_id": "CSAFPID-1621142",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software__9.12.12__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software__9.4.25__lts_",
"product": {
"name": "atlassian_jira_software__9.4.25__lts_",
"product_id": "CSAFPID-1621143",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software__9.4.25__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software_data_center__9.17.1",
"product": {
"name": "atlassian_jira_software_data_center__9.17.1",
"product_id": "CSAFPID-1621141",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software_data_center__9.17.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software_service_management__5.12.12__lts_",
"product": {
"name": "atlassian_jira_software_service_management__5.12.12__lts_",
"product_id": "CSAFPID-1621138",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.12.12__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software_service_management__5.4.25__lts_",
"product": {
"name": "atlassian_jira_software_service_management__5.4.25__lts_",
"product_id": "CSAFPID-1621139",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.4.25__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software_service_management_data_center__5.17.1",
"product": {
"name": "atlassian_jira_software_service_management_data_center__5.17.1",
"product_id": "CSAFPID-1621137",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software_service_management_data_center__5.17.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "bamboo",
"product": {
"name": "bamboo",
"product_id": "CSAFPID-716889",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "bitbucket",
"product": {
"name": "bitbucket",
"product_id": "CSAFPID-1725084",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:bitbucket:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "confluence",
"product": {
"name": "confluence",
"product_id": "CSAFPID-551338",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "jira_software",
"product": {
"name": "jira_software",
"product_id": "CSAFPID-1725085",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:jira_software:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree",
"product": {
"name": "sourcetree",
"product_id": "CSAFPID-1724900",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree",
"product": {
"name": "sourcetree",
"product_id": "CSAFPID-1725556",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:macos:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree",
"product": {
"name": "sourcetree",
"product_id": "CSAFPID-1725557",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:windows:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree_for_mac",
"product": {
"name": "sourcetree_for_mac",
"product_id": "CSAFPID-1724286",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree_for_mac:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree_for_windows",
"product": {
"name": "sourcetree_for_windows",
"product_id": "CSAFPID-1724287",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree_for_windows:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "atlassian"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-38900",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-38900",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-38900.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-551338"
]
}
],
"title": "CVE-2022-38900"
},
{
"cve": "CVE-2023-46234",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "other",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46234",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46234.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-551338"
]
}
],
"title": "CVE-2023-46234"
},
{
"cve": "CVE-2023-52428",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338",
"CSAFPID-1725085",
"CSAFPID-716889"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52428",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-551338",
"CSAFPID-1725085",
"CSAFPID-716889"
]
}
],
"title": "CVE-2023-52428"
},
{
"cve": "CVE-2024-4068",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"notes": [
{
"category": "other",
"text": "Excessive Platform Resource Consumption within a Loop",
"title": "CWE-1050"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-4068",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4068.json"
}
],
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2024-21697",
"product_status": {
"known_affected": [
"CSAFPID-1724286",
"CSAFPID-1724287",
"CSAFPID-1725556",
"CSAFPID-1725557"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21697",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21697.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-1724286",
"CSAFPID-1724287",
"CSAFPID-1725556",
"CSAFPID-1725557"
]
}
],
"title": "CVE-2024-21697"
},
{
"cve": "CVE-2024-24549",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1725084",
"CSAFPID-551338"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24549",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1725084",
"CSAFPID-551338"
]
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-30172",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1621160",
"CSAFPID-1621161",
"CSAFPID-1645509",
"CSAFPID-1645510",
"CSAFPID-551338",
"CSAFPID-1725084"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-30172",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30172.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1621160",
"CSAFPID-1621161",
"CSAFPID-1645509",
"CSAFPID-1645510",
"CSAFPID-551338",
"CSAFPID-1725084"
]
}
],
"title": "CVE-2024-30172"
},
{
"cve": "CVE-2024-34750",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1621133",
"CSAFPID-1621135",
"CSAFPID-1621137",
"CSAFPID-1621138",
"CSAFPID-1621139",
"CSAFPID-1621140",
"CSAFPID-1621141",
"CSAFPID-1621142",
"CSAFPID-1621143",
"CSAFPID-1621163",
"CSAFPID-1645370",
"CSAFPID-1645371",
"CSAFPID-1645372",
"CSAFPID-1645373",
"CSAFPID-1645374"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34750",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1621133",
"CSAFPID-1621135",
"CSAFPID-1621137",
"CSAFPID-1621138",
"CSAFPID-1621139",
"CSAFPID-1621140",
"CSAFPID-1621141",
"CSAFPID-1621142",
"CSAFPID-1621143",
"CSAFPID-1621163",
"CSAFPID-1645370",
"CSAFPID-1645371",
"CSAFPID-1645372",
"CSAFPID-1645373",
"CSAFPID-1645374"
]
}
],
"title": "CVE-2024-34750"
},
{
"cve": "CVE-2024-38286",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-38286",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38286.json"
}
],
"title": "CVE-2024-38286"
},
{
"cve": "CVE-2024-38816",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338",
"CSAFPID-716889"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38816",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-551338",
"CSAFPID-716889"
]
}
],
"title": "CVE-2024-38816"
},
{
"cve": "CVE-2024-45801",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1725085"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45801",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45801.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1725085"
]
}
],
"title": "CVE-2024-45801"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-716889"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-716889"
]
}
],
"title": "CVE-2024-47561"
}
]
}
ncsc-2024-0466
Vulnerability from csaf_ncscnl
Published
2024-12-06 13:05
Modified
2024-12-06 13:05
Summary
Kwetsbaarheden verholpen in Atlassian producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Atlassian heeft kwetsbaarheden verholpen in diverse producten als Jira, Bamboo en Confluence.
Interpretaties
De kwetsbaarheden bevinden zich in verschillende third party componenten van ontwikkelaars zoals Oracle, RedHat en het Apache consortium. Deze kwetsbaarheden kunnen leiden tot geheugenuitputting en Denial-of-Service (DoS) door onjuiste invoerbeperkingen. Aanvallers kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen, wat kan resulteren in systeeminstabiliteit en crashes.
Voor de kwetsbaarheden zijn door de diverse ontwikkelaars updates uitgebracht om ze te verhelpen. Atlassian heeft de updates verwerkt in de eigen producten.
Oplossingen
Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-755
Improper Handling of Exceptional Conditions
CWE-347
Improper Verification of Cryptographic Signature
CWE-1050
Excessive Platform Resource Consumption within a Loop
CWE-23
Relative Path Traversal
CWE-1333
Inefficient Regular Expression Complexity
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20
Improper Input Validation
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Atlassian heeft kwetsbaarheden verholpen in diverse producten als Jira, Bamboo en Confluence.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich in verschillende third party componenten van ontwikkelaars zoals Oracle, RedHat en het Apache consortium. Deze kwetsbaarheden kunnen leiden tot geheugenuitputting en Denial-of-Service (DoS) door onjuiste invoerbeperkingen. Aanvallers kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen, wat kan resulteren in systeeminstabiliteit en crashes.\nVoor de kwetsbaarheden zijn door de diverse ontwikkelaars updates uitgebracht om ze te verhelpen. Atlassian heeft de updates verwerkt in de eigen producten.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "general",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "general",
"text": "Excessive Platform Resource Consumption within a Loop",
"title": "CWE-1050"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - certbundde",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-19-2024-1456179091.html"
}
],
"title": "Kwetsbaarheden verholpen in Atlassian producten",
"tracking": {
"current_release_date": "2024-12-06T13:05:55.904619Z",
"id": "NCSC-2024-0466",
"initial_release_date": "2024-12-06T13:05:55.904619Z",
"revision_history": [
{
"date": "2024-12-06T13:05:55.904619Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "atlassian_bamboo__10.0.0",
"product": {
"name": "atlassian_bamboo__10.0.0",
"product_id": "CSAFPID-1645374",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bamboo__10.0.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bamboo__9.2.17",
"product": {
"name": "atlassian_bamboo__9.2.17",
"product_id": "CSAFPID-1621163",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bamboo__9.2.17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bamboo__9.6.4",
"product": {
"name": "atlassian_bamboo__9.6.4",
"product_id": "CSAFPID-1645371",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bamboo__9.6.4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bitbucket__8.19.9",
"product": {
"name": "atlassian_bitbucket__8.19.9",
"product_id": "CSAFPID-1645370",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bitbucket__8.19.9:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bitbucket__8.9.19",
"product": {
"name": "atlassian_bitbucket__8.9.19",
"product_id": "CSAFPID-1645373",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bitbucket__8.9.19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bitbucket__9.0.0",
"product": {
"name": "atlassian_bitbucket__9.0.0",
"product_id": "CSAFPID-1645372",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bitbucket__9.0.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__7.19.26",
"product": {
"name": "atlassian_confluence__7.19.26",
"product_id": "CSAFPID-1621160",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__7.19.26:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__7.19.26__lts_",
"product": {
"name": "atlassian_confluence__7.19.26__lts_",
"product_id": "CSAFPID-1621135",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__7.19.26__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__8.5.12",
"product": {
"name": "atlassian_confluence__8.5.12",
"product_id": "CSAFPID-1645510",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__8.5.12:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__8.5.14__lts_",
"product": {
"name": "atlassian_confluence__8.5.14__lts_",
"product_id": "CSAFPID-1621133",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__8.5.14__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__8.9.4",
"product": {
"name": "atlassian_confluence__8.9.4",
"product_id": "CSAFPID-1645509",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__8.9.4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__9.0.1",
"product": {
"name": "atlassian_confluence__9.0.1",
"product_id": "CSAFPID-1621161",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__9.0.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence_data_center__9.0.1",
"product": {
"name": "atlassian_confluence_data_center__9.0.1",
"product_id": "CSAFPID-1621140",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence_data_center__9.0.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software__9.12.12__lts_",
"product": {
"name": "atlassian_jira_software__9.12.12__lts_",
"product_id": "CSAFPID-1621142",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software__9.12.12__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software__9.4.25__lts_",
"product": {
"name": "atlassian_jira_software__9.4.25__lts_",
"product_id": "CSAFPID-1621143",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software__9.4.25__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software_data_center__9.17.1",
"product": {
"name": "atlassian_jira_software_data_center__9.17.1",
"product_id": "CSAFPID-1621141",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software_data_center__9.17.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software_service_management__5.12.12__lts_",
"product": {
"name": "atlassian_jira_software_service_management__5.12.12__lts_",
"product_id": "CSAFPID-1621138",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.12.12__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software_service_management__5.4.25__lts_",
"product": {
"name": "atlassian_jira_software_service_management__5.4.25__lts_",
"product_id": "CSAFPID-1621139",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.4.25__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software_service_management_data_center__5.17.1",
"product": {
"name": "atlassian_jira_software_service_management_data_center__5.17.1",
"product_id": "CSAFPID-1621137",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software_service_management_data_center__5.17.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "bamboo",
"product": {
"name": "bamboo",
"product_id": "CSAFPID-716889",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "bitbucket",
"product": {
"name": "bitbucket",
"product_id": "CSAFPID-1725084",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:bitbucket:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "confluence",
"product": {
"name": "confluence",
"product_id": "CSAFPID-551338",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "jira_software",
"product": {
"name": "jira_software",
"product_id": "CSAFPID-1725085",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:jira_software:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree",
"product": {
"name": "sourcetree",
"product_id": "CSAFPID-1724900",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree",
"product": {
"name": "sourcetree",
"product_id": "CSAFPID-1725556",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:macos:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree",
"product": {
"name": "sourcetree",
"product_id": "CSAFPID-1725557",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:windows:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree_for_mac",
"product": {
"name": "sourcetree_for_mac",
"product_id": "CSAFPID-1724286",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree_for_mac:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree_for_windows",
"product": {
"name": "sourcetree_for_windows",
"product_id": "CSAFPID-1724287",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree_for_windows:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "atlassian"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-38900",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-38900",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-38900.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-551338"
]
}
],
"title": "CVE-2022-38900"
},
{
"cve": "CVE-2023-46234",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "other",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46234",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46234.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-551338"
]
}
],
"title": "CVE-2023-46234"
},
{
"cve": "CVE-2023-52428",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338",
"CSAFPID-1725085",
"CSAFPID-716889"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52428",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-551338",
"CSAFPID-1725085",
"CSAFPID-716889"
]
}
],
"title": "CVE-2023-52428"
},
{
"cve": "CVE-2024-4068",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"notes": [
{
"category": "other",
"text": "Excessive Platform Resource Consumption within a Loop",
"title": "CWE-1050"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-4068",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4068.json"
}
],
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2024-21697",
"product_status": {
"known_affected": [
"CSAFPID-1724286",
"CSAFPID-1724287",
"CSAFPID-1725556",
"CSAFPID-1725557"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21697",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21697.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-1724286",
"CSAFPID-1724287",
"CSAFPID-1725556",
"CSAFPID-1725557"
]
}
],
"title": "CVE-2024-21697"
},
{
"cve": "CVE-2024-24549",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1725084",
"CSAFPID-551338"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24549",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1725084",
"CSAFPID-551338"
]
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-30172",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1621160",
"CSAFPID-1621161",
"CSAFPID-1645509",
"CSAFPID-1645510",
"CSAFPID-551338",
"CSAFPID-1725084"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-30172",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30172.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1621160",
"CSAFPID-1621161",
"CSAFPID-1645509",
"CSAFPID-1645510",
"CSAFPID-551338",
"CSAFPID-1725084"
]
}
],
"title": "CVE-2024-30172"
},
{
"cve": "CVE-2024-34750",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1621133",
"CSAFPID-1621135",
"CSAFPID-1621137",
"CSAFPID-1621138",
"CSAFPID-1621139",
"CSAFPID-1621140",
"CSAFPID-1621141",
"CSAFPID-1621142",
"CSAFPID-1621143",
"CSAFPID-1621163",
"CSAFPID-1645370",
"CSAFPID-1645371",
"CSAFPID-1645372",
"CSAFPID-1645373",
"CSAFPID-1645374"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34750",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1621133",
"CSAFPID-1621135",
"CSAFPID-1621137",
"CSAFPID-1621138",
"CSAFPID-1621139",
"CSAFPID-1621140",
"CSAFPID-1621141",
"CSAFPID-1621142",
"CSAFPID-1621143",
"CSAFPID-1621163",
"CSAFPID-1645370",
"CSAFPID-1645371",
"CSAFPID-1645372",
"CSAFPID-1645373",
"CSAFPID-1645374"
]
}
],
"title": "CVE-2024-34750"
},
{
"cve": "CVE-2024-38286",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-38286",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38286.json"
}
],
"title": "CVE-2024-38286"
},
{
"cve": "CVE-2024-38816",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338",
"CSAFPID-716889"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38816",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-551338",
"CSAFPID-716889"
]
}
],
"title": "CVE-2024-38816"
},
{
"cve": "CVE-2024-45801",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1725085"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45801",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45801.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1725085"
]
}
],
"title": "CVE-2024-45801"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-716889"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-716889"
]
}
],
"title": "CVE-2024-47561"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.