Action not permitted
Modal body text goes here.
cve-2023-4958
Vulnerability from cvelistv5
Published
2023-12-12 10:02
Modified
2024-08-02 07:44
Severity ?
EPSS score ?
Summary
Stackrox: missing http security headers allows for clickjacking in web ui
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2023:5206 | Vendor Advisory | |
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-4958 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1990363 | Issue Tracking, Patch |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:5206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5206"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4958"
},
{
"name": "RHBZ#1990363",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990363"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.2::el8"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"product": "Red Hat Advanced Cluster Security 4.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.0-6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:3"
],
"defaultStatus": "affected",
"packageName": "advanced-cluster-security/rhacs-main-rhel8",
"product": "Red Hat Advanced Cluster Security 3",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jeremy Choi (Red Hat Product Security)."
}
],
"datePublic": "2022-06-02T22:40:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user\u0027s account permissions to perform other actions."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T15:32:38.712Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:5206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5206"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4958"
},
{
"name": "RHBZ#1990363",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990363"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-08-05T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-06-02T22:40:00+00:00",
"value": "Made public."
}
],
"title": "Stackrox: missing http security headers allows for clickjacking in web ui",
"x_redhatCweChain": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4958",
"datePublished": "2023-12-12T10:02:33.672Z",
"dateReserved": "2023-09-14T08:06:30.272Z",
"dateUpdated": "2024-08-02T07:44:53.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-4958\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2023-12-12T10:15:10.853\",\"lastModified\":\"2024-05-03T16:15:11.227\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user\u0027s account permissions to perform other actions.\"},{\"lang\":\"es\",\"value\":\"En Red Hat Advanced Cluster Security (RHACS), se descubri\u00f3 que faltaban algunos encabezados HTTP relacionados con la seguridad, lo que permit\u00eda a un atacante explotar esto con un ataque de clickjacking. Un atacante podr\u00eda aprovechar esto convenciendo a un usuario v\u00e1lido de RHACS para que visite una p\u00e1gina web controlada por el atacante, que apunta enga\u00f1osamente a endpoints de RHACS v\u00e1lidos, secuestrando los permisos de la cuenta del usuario para realizar otras acciones.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1021\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1021\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0FD736A-8730-446A-BA3A-7B608DB62B0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:kubernates:*:*\",\"matchCriteriaId\":\"0FB56EBE-BCC0-4833-82B3-D5EFC50A7E65\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2023:5206\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-4958\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1990363\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]}]}}"
}
}
gsd-2023-4958
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-4958",
"id": "GSD-2023-4958"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-4958"
],
"details": "In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user\u0027s account permissions to perform other actions.",
"id": "GSD-2023-4958",
"modified": "2023-12-13T01:20:27.038121Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2023-4958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rhacs-main-container",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
},
"vendor_name": "n/a"
},
{
"product": {
"product_data": [
{
"product_name": "Red Hat Advanced Cluster Security 4.2",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "4.2.0-6",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Advanced Cluster Security 3",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jeremy Choi (Red Hat Product Security)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user\u0027s account permissions to perform other actions."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-77",
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/errata/RHSA-2023:5206",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:5206"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2023-4958",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2023-4958"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1990363",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990363"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FD736A-8730-446A-BA3A-7B608DB62B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:kubernates:*:*",
"matchCriteriaId": "0FB56EBE-BCC0-4833-82B3-D5EFC50A7E65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user\u0027s account permissions to perform other actions."
},
{
"lang": "es",
"value": "En Red Hat Advanced Cluster Security (RHACS), se descubri\u00f3 que faltaban algunos encabezados HTTP relacionados con la seguridad, lo que permit\u00eda a un atacante explotar esto con un ataque de clickjacking. Un atacante podr\u00eda aprovechar esto convenciendo a un usuario v\u00e1lido de RHACS para que visite una p\u00e1gina web controlada por el atacante, que apunta enga\u00f1osamente a endpoints de RHACS v\u00e1lidos, secuestrando los permisos de la cuenta del usuario para realizar otras acciones."
}
],
"id": "CVE-2023-4958",
"lastModified": "2023-12-15T15:24:03.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
},
"published": "2023-12-12T10:15:10.853",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:5206"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4958"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990363"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
}
}
}
wid-sec-w-2023-2394
Vulnerability from csaf_certbund
Published
2023-09-19 22:00
Modified
2023-09-19 22:00
Summary
Red Hat Enterprise Linux: Schwachstelle ermöglicht Umgehung von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2394 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2394.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2394 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2394"
},
{
"category": "external",
"summary": "Red Hat Security Advisory - RHACS vom 2023-09-19",
"url": "https://access.redhat.com/errata/RHSA-2023:5206"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux: Schwachstelle erm\u00f6glicht Umgehung von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2023-09-19T22:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:44:37.141+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-2394",
"initial_release_date": "2023-09-19T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-09-19T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux RHACS \u003c 4.2",
"product": {
"name": "Red Hat Enterprise Linux RHACS \u003c 4.2",
"product_id": "T029970",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:rhacs__4.2"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4958",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat Enterprise Linux. Dieser Fehler besteht in der Stackrox-Komponente aufgrund fehlender HTTP-Sicherheitsheader, die einen Clickjacking-Angriff in der Web-UI erm\u00f6glichen. Indem ein g\u00fcltiger RHACS-Benutzer dazu gebracht wird, eine b\u00f6sartige Webseite zu besuchen, die t\u00e4uschend echt auf g\u00fcltige RHACS-Endpunkte verweist, kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"release_date": "2023-09-19T22:00:00Z",
"title": "CVE-2023-4958"
}
]
}
rhsa-2023_5206
Vulnerability from csaf_redhat
Published
2023-09-18 16:39
Modified
2024-11-23 00:21
Summary
Red Hat Security Advisory: RHACS 4.2 enhancement and security update
Notes
Topic
Updated images are now available for Red Hat Advanced Cluster Security (RHACS).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The release of RHACS 4.2 provides these changes:
Security Fix(es):
* stackrox: Missing HTTP security headers allows for clickjacking in web UI (CVE-2023-4958)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
New Features
RHACS 4.2 includes the following new features, improvements, and updates:
Platform
* Bring your own PostgreSQL database for RHACS Central (Technology Preview)
* The CORE BPF collection method is now GA
* RHACS Product usage report
* Performance improvements for the Compliance dashboard
Vulnerability management
* Vulnerability scanning support for Registry Mirrors in OpenShift Container Platform
* Configure delegated image scanning in the RHACS portal
* Define new system policies using CVE age or fixability
* On-demand and downloadable CVE report in Vulnerability Management 2.0
* Scanner supports additional operating systems
Network Security
* Improvements to runtime network policy generation
* Build time Network Policy tools (Technology Preview)
* New Listening Endpoints menu in the RHACS portal
* Viewing network policy YAML files from a violation
For notable technical changes, deprecated and removed features, and bug fixes, see the Release Notes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security (RHACS).\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The release of RHACS 4.2 provides these changes:\n\nSecurity Fix(es):\n\n* stackrox: Missing HTTP security headers allows for clickjacking in web UI (CVE-2023-4958)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nNew Features\n\nRHACS 4.2 includes the following new features, improvements, and updates:\n\nPlatform\n* Bring your own PostgreSQL database for RHACS Central (Technology Preview)\n* The CORE BPF collection method is now GA\n* RHACS Product usage report\n* Performance improvements for the Compliance dashboard\n\nVulnerability management\n* Vulnerability scanning support for Registry Mirrors in OpenShift Container Platform\n* Configure delegated image scanning in the RHACS portal\n* Define new system policies using CVE age or fixability\n* On-demand and downloadable CVE report in Vulnerability Management 2.0\n* Scanner supports additional operating systems\n\nNetwork Security\n* Improvements to runtime network policy generation\n* Build time Network Policy tools (Technology Preview)\n* New Listening Endpoints menu in the RHACS portal\n* Viewing network policy YAML files from a violation\n\nFor notable technical changes, deprecated and removed features, and bug fixes, see the Release Notes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5206",
"url": "https://access.redhat.com/errata/RHSA-2023:5206"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://docs.openshift.com/acs/4.2/release_notes/42-release-notes.html",
"url": "https://docs.openshift.com/acs/4.2/release_notes/42-release-notes.html"
},
{
"category": "external",
"summary": "1990363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990363"
},
{
"category": "external",
"summary": "ROX-19688",
"url": "https://issues.redhat.com/browse/ROX-19688"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5206.json"
}
],
"title": "Red Hat Security Advisory: RHACS 4.2 enhancement and security update",
"tracking": {
"current_release_date": "2024-11-23T00:21:44+00:00",
"generator": {
"date": "2024-11-23T00:21:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:5206",
"initial_release_date": "2023-09-18T16:39:39+00:00",
"revision_history": [
{
"date": "2023-09-18T16:39:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-18T16:39:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-23T00:21:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 4.2 for RHEL 8",
"product": {
"name": "RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:655da98b70cce7d0d8eda8c8d13d13e4abb56d240a7dcc86c9a1ecf74524095f_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:655da98b70cce7d0d8eda8c8d13d13e4abb56d240a7dcc86c9a1ecf74524095f_s390x",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:655da98b70cce7d0d8eda8c8d13d13e4abb56d240a7dcc86c9a1ecf74524095f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:655da98b70cce7d0d8eda8c8d13d13e4abb56d240a7dcc86c9a1ecf74524095f?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.2.0-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7d6b22c16ffc10dbe11d5d783e1c7efa7f39de054a3a2332c807bdf63bcd1c71_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7d6b22c16ffc10dbe11d5d783e1c7efa7f39de054a3a2332c807bdf63bcd1c71_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7d6b22c16ffc10dbe11d5d783e1c7efa7f39de054a3a2332c807bdf63bcd1c71_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:7d6b22c16ffc10dbe11d5d783e1c7efa7f39de054a3a2332c807bdf63bcd1c71?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.2.0-7"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7cd77dd8ba37e7df2802ef44bda69e4305631729c981a673a0a31433f4d05663_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7cd77dd8ba37e7df2802ef44bda69e4305631729c981a673a0a31433f4d05663_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7cd77dd8ba37e7df2802ef44bda69e4305631729c981a673a0a31433f4d05663_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:7cd77dd8ba37e7df2802ef44bda69e4305631729c981a673a0a31433f4d05663?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.2.0-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:64bef5c27321ed50c11018b32ae4d5de3490ad744a0f08e8e724432c75ffa775_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:64bef5c27321ed50c11018b32ae4d5de3490ad744a0f08e8e724432c75ffa775_s390x",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:64bef5c27321ed50c11018b32ae4d5de3490ad744a0f08e8e724432c75ffa775_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:64bef5c27321ed50c11018b32ae4d5de3490ad744a0f08e8e724432c75ffa775?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.2.0-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:85b9f7b20c8ad9552c30f6aaf772ceb5342bcf6ea90ea997eb614212fa57ed58_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:85b9f7b20c8ad9552c30f6aaf772ceb5342bcf6ea90ea997eb614212fa57ed58_s390x",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:85b9f7b20c8ad9552c30f6aaf772ceb5342bcf6ea90ea997eb614212fa57ed58_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:85b9f7b20c8ad9552c30f6aaf772ceb5342bcf6ea90ea997eb614212fa57ed58?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.2.0-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:d80fafb9e7fcd0fa9e4103ae929cfa9dc8b91851b50d17d377d8fbdf2dd0884f_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:d80fafb9e7fcd0fa9e4103ae929cfa9dc8b91851b50d17d377d8fbdf2dd0884f_s390x",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:d80fafb9e7fcd0fa9e4103ae929cfa9dc8b91851b50d17d377d8fbdf2dd0884f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:d80fafb9e7fcd0fa9e4103ae929cfa9dc8b91851b50d17d377d8fbdf2dd0884f?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.2.0-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c0cad154a2b2b90bf1ad022bfbc1edaee1d0d3ebbae99c296afbc4e423d49adc_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c0cad154a2b2b90bf1ad022bfbc1edaee1d0d3ebbae99c296afbc4e423d49adc_s390x",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c0cad154a2b2b90bf1ad022bfbc1edaee1d0d3ebbae99c296afbc4e423d49adc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:c0cad154a2b2b90bf1ad022bfbc1edaee1d0d3ebbae99c296afbc4e423d49adc?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.2.0-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:d4efaf6561a45aa575870b3aefcc72838618ff411fdf4d8b6c23c92598400f44_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:d4efaf6561a45aa575870b3aefcc72838618ff411fdf4d8b6c23c92598400f44_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:d4efaf6561a45aa575870b3aefcc72838618ff411fdf4d8b6c23c92598400f44_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:d4efaf6561a45aa575870b3aefcc72838618ff411fdf4d8b6c23c92598400f44?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.2.0-7"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6c9a79f505c45e604b51ce9d29a7472e23da6f33011635afcac5dc96d3c8a413_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6c9a79f505c45e604b51ce9d29a7472e23da6f33011635afcac5dc96d3c8a413_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6c9a79f505c45e604b51ce9d29a7472e23da6f33011635afcac5dc96d3c8a413_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:6c9a79f505c45e604b51ce9d29a7472e23da6f33011635afcac5dc96d3c8a413?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.2.0-7"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bc4c81fc092d4bffca4742030a197b79bc80565dc4d677d7344a7d91e592e735_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bc4c81fc092d4bffca4742030a197b79bc80565dc4d677d7344a7d91e592e735_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bc4c81fc092d4bffca4742030a197b79bc80565dc4d677d7344a7d91e592e735_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:bc4c81fc092d4bffca4742030a197b79bc80565dc4d677d7344a7d91e592e735?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.2.0-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e9327bd5ebfcec5ec7c76d6e47be8dfe5fc48913859a36bb9d9ddafbc11b53fe_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e9327bd5ebfcec5ec7c76d6e47be8dfe5fc48913859a36bb9d9ddafbc11b53fe_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e9327bd5ebfcec5ec7c76d6e47be8dfe5fc48913859a36bb9d9ddafbc11b53fe_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:e9327bd5ebfcec5ec7c76d6e47be8dfe5fc48913859a36bb9d9ddafbc11b53fe?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.2.0-7"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a6f0560462f70d081ecd633dab7fe3812a9a05ede057dcfc85c78aebcbfcf7fb_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a6f0560462f70d081ecd633dab7fe3812a9a05ede057dcfc85c78aebcbfcf7fb_ppc64le",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a6f0560462f70d081ecd633dab7fe3812a9a05ede057dcfc85c78aebcbfcf7fb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:a6f0560462f70d081ecd633dab7fe3812a9a05ede057dcfc85c78aebcbfcf7fb?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.2.0-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:daec224b2d21db1d0f896c376bc57896f3d322699ea860c9af3daeb0fdf60c26_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:daec224b2d21db1d0f896c376bc57896f3d322699ea860c9af3daeb0fdf60c26_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:daec224b2d21db1d0f896c376bc57896f3d322699ea860c9af3daeb0fdf60c26_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:daec224b2d21db1d0f896c376bc57896f3d322699ea860c9af3daeb0fdf60c26?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.2.0-7"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:99cea72009375b9fe0d351d2dc74d0b08f303daf8fd3d054f34301b2a7b9874e_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:99cea72009375b9fe0d351d2dc74d0b08f303daf8fd3d054f34301b2a7b9874e_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:99cea72009375b9fe0d351d2dc74d0b08f303daf8fd3d054f34301b2a7b9874e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:99cea72009375b9fe0d351d2dc74d0b08f303daf8fd3d054f34301b2a7b9874e?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.2.0-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:e6cd211b07ec198e643043636bc43e32128a99a455594986f54d01f909eb97e1_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:e6cd211b07ec198e643043636bc43e32128a99a455594986f54d01f909eb97e1_ppc64le",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:e6cd211b07ec198e643043636bc43e32128a99a455594986f54d01f909eb97e1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:e6cd211b07ec198e643043636bc43e32128a99a455594986f54d01f909eb97e1?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.2.0-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:e2262de639260486a1942d9c7a8be075a96888519c65b0ccd41f1360978300ac_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:e2262de639260486a1942d9c7a8be075a96888519c65b0ccd41f1360978300ac_ppc64le",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:e2262de639260486a1942d9c7a8be075a96888519c65b0ccd41f1360978300ac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:e2262de639260486a1942d9c7a8be075a96888519c65b0ccd41f1360978300ac?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.2.0-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:fa7fd49bfc458b712c26f122e22520e685b036dcf65c204f7b6385cd53cdc9b3_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:fa7fd49bfc458b712c26f122e22520e685b036dcf65c204f7b6385cd53cdc9b3_ppc64le",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:fa7fd49bfc458b712c26f122e22520e685b036dcf65c204f7b6385cd53cdc9b3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:fa7fd49bfc458b712c26f122e22520e685b036dcf65c204f7b6385cd53cdc9b3?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.2.0-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b3faa186bd4e7d7949314abb298b67fec93eba13c9028b2d597141f3ecfadaa8_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b3faa186bd4e7d7949314abb298b67fec93eba13c9028b2d597141f3ecfadaa8_ppc64le",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b3faa186bd4e7d7949314abb298b67fec93eba13c9028b2d597141f3ecfadaa8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:b3faa186bd4e7d7949314abb298b67fec93eba13c9028b2d597141f3ecfadaa8?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.2.0-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:491b67f1b2930996a975fe3b4088020538c78db6f3060447699795a30e74b54b_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:491b67f1b2930996a975fe3b4088020538c78db6f3060447699795a30e74b54b_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:491b67f1b2930996a975fe3b4088020538c78db6f3060447699795a30e74b54b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:491b67f1b2930996a975fe3b4088020538c78db6f3060447699795a30e74b54b?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.2.0-7"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a8010cccaa062270ae1c2214a46ebedbf9dd55caa848d2063ade69eed1cefcf_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a8010cccaa062270ae1c2214a46ebedbf9dd55caa848d2063ade69eed1cefcf_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a8010cccaa062270ae1c2214a46ebedbf9dd55caa848d2063ade69eed1cefcf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:0a8010cccaa062270ae1c2214a46ebedbf9dd55caa848d2063ade69eed1cefcf?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.2.0-7"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0bd96c2875a801820c1a042b854c903b7ff7f577f286d1b42688d084f4ac369b_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0bd96c2875a801820c1a042b854c903b7ff7f577f286d1b42688d084f4ac369b_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0bd96c2875a801820c1a042b854c903b7ff7f577f286d1b42688d084f4ac369b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:0bd96c2875a801820c1a042b854c903b7ff7f577f286d1b42688d084f4ac369b?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.2.0-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:df0d1098be46a3b4ab9374a3eff318410a955f014961b08ecaf416e9535f005a_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:df0d1098be46a3b4ab9374a3eff318410a955f014961b08ecaf416e9535f005a_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:df0d1098be46a3b4ab9374a3eff318410a955f014961b08ecaf416e9535f005a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:df0d1098be46a3b4ab9374a3eff318410a955f014961b08ecaf416e9535f005a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.2.0-7"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:d53ebe7252d7414e0dc756d48d806504993d43f8c3de2eebed0e1f74749cd2de_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:d53ebe7252d7414e0dc756d48d806504993d43f8c3de2eebed0e1f74749cd2de_amd64",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:d53ebe7252d7414e0dc756d48d806504993d43f8c3de2eebed0e1f74749cd2de_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:d53ebe7252d7414e0dc756d48d806504993d43f8c3de2eebed0e1f74749cd2de?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.2.0-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:11ba7bb24a938e34ca077b77730cd1524dee6d81157b7309b0725bde1dc1a658_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:11ba7bb24a938e34ca077b77730cd1524dee6d81157b7309b0725bde1dc1a658_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:11ba7bb24a938e34ca077b77730cd1524dee6d81157b7309b0725bde1dc1a658_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:11ba7bb24a938e34ca077b77730cd1524dee6d81157b7309b0725bde1dc1a658?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.2.0-7"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8844ee1cf02d8038e8b156bc856f3f6bbe1cdca160ec79f30da39ef826d897f2_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8844ee1cf02d8038e8b156bc856f3f6bbe1cdca160ec79f30da39ef826d897f2_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8844ee1cf02d8038e8b156bc856f3f6bbe1cdca160ec79f30da39ef826d897f2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:8844ee1cf02d8038e8b156bc856f3f6bbe1cdca160ec79f30da39ef826d897f2?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.2.0-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:301a89cdc5a6aa6cc807851082a0ed58580547098c8fe35e000fe54ecbefcd1e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:301a89cdc5a6aa6cc807851082a0ed58580547098c8fe35e000fe54ecbefcd1e_amd64",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:301a89cdc5a6aa6cc807851082a0ed58580547098c8fe35e000fe54ecbefcd1e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:301a89cdc5a6aa6cc807851082a0ed58580547098c8fe35e000fe54ecbefcd1e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.2.0-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:de3b2e28150c6428864fe8dd7ef325b806bc9e9881d883ba3335e00b6593618c_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:de3b2e28150c6428864fe8dd7ef325b806bc9e9881d883ba3335e00b6593618c_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:de3b2e28150c6428864fe8dd7ef325b806bc9e9881d883ba3335e00b6593618c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:de3b2e28150c6428864fe8dd7ef325b806bc9e9881d883ba3335e00b6593618c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.2.0-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:696ef8ccb59d3f34a640ffdc18b089680a2a28189b388450080454865ce5b12e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:696ef8ccb59d3f34a640ffdc18b089680a2a28189b388450080454865ce5b12e_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:696ef8ccb59d3f34a640ffdc18b089680a2a28189b388450080454865ce5b12e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:696ef8ccb59d3f34a640ffdc18b089680a2a28189b388450080454865ce5b12e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.2.0-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:61efe4f465be5ac4c3ddf6a5c452d5dc7d250b8a842ec36b7cf44272de146e15_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:61efe4f465be5ac4c3ddf6a5c452d5dc7d250b8a842ec36b7cf44272de146e15_amd64",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:61efe4f465be5ac4c3ddf6a5c452d5dc7d250b8a842ec36b7cf44272de146e15_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:61efe4f465be5ac4c3ddf6a5c452d5dc7d250b8a842ec36b7cf44272de146e15?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.2.0-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:756151367af2d9ee8ba0ad7537c17841f800c2828f440baa6d73b5a071d29638_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:756151367af2d9ee8ba0ad7537c17841f800c2828f440baa6d73b5a071d29638_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:756151367af2d9ee8ba0ad7537c17841f800c2828f440baa6d73b5a071d29638_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:756151367af2d9ee8ba0ad7537c17841f800c2828f440baa6d73b5a071d29638?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.2.0-7"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4f5bc6377f8b81ca0f0bebfd4cafdc7d17029e702861f7159a38bccc3e7a21c3_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4f5bc6377f8b81ca0f0bebfd4cafdc7d17029e702861f7159a38bccc3e7a21c3_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4f5bc6377f8b81ca0f0bebfd4cafdc7d17029e702861f7159a38bccc3e7a21c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:4f5bc6377f8b81ca0f0bebfd4cafdc7d17029e702861f7159a38bccc3e7a21c3?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.2.0-7"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:1971e8fe13c51e6be8dd497b8ca99c8282425a6cd9735771ab6fd39a11616086_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:1971e8fe13c51e6be8dd497b8ca99c8282425a6cd9735771ab6fd39a11616086_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:1971e8fe13c51e6be8dd497b8ca99c8282425a6cd9735771ab6fd39a11616086_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:1971e8fe13c51e6be8dd497b8ca99c8282425a6cd9735771ab6fd39a11616086?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.2.0-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:97e5a3c6af61067119e6b6d7fd46b64569f06e311c21596af430e648b237b59b_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:97e5a3c6af61067119e6b6d7fd46b64569f06e311c21596af430e648b237b59b_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:97e5a3c6af61067119e6b6d7fd46b64569f06e311c21596af430e648b237b59b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:97e5a3c6af61067119e6b6d7fd46b64569f06e311c21596af430e648b237b59b?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.2.0-7"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:655da98b70cce7d0d8eda8c8d13d13e4abb56d240a7dcc86c9a1ecf74524095f_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:655da98b70cce7d0d8eda8c8d13d13e4abb56d240a7dcc86c9a1ecf74524095f_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:655da98b70cce7d0d8eda8c8d13d13e4abb56d240a7dcc86c9a1ecf74524095f_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a6f0560462f70d081ecd633dab7fe3812a9a05ede057dcfc85c78aebcbfcf7fb_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a6f0560462f70d081ecd633dab7fe3812a9a05ede057dcfc85c78aebcbfcf7fb_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a6f0560462f70d081ecd633dab7fe3812a9a05ede057dcfc85c78aebcbfcf7fb_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:d53ebe7252d7414e0dc756d48d806504993d43f8c3de2eebed0e1f74749cd2de_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:d53ebe7252d7414e0dc756d48d806504993d43f8c3de2eebed0e1f74749cd2de_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:d53ebe7252d7414e0dc756d48d806504993d43f8c3de2eebed0e1f74749cd2de_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:11ba7bb24a938e34ca077b77730cd1524dee6d81157b7309b0725bde1dc1a658_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:11ba7bb24a938e34ca077b77730cd1524dee6d81157b7309b0725bde1dc1a658_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:11ba7bb24a938e34ca077b77730cd1524dee6d81157b7309b0725bde1dc1a658_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7d6b22c16ffc10dbe11d5d783e1c7efa7f39de054a3a2332c807bdf63bcd1c71_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7d6b22c16ffc10dbe11d5d783e1c7efa7f39de054a3a2332c807bdf63bcd1c71_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7d6b22c16ffc10dbe11d5d783e1c7efa7f39de054a3a2332c807bdf63bcd1c71_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:daec224b2d21db1d0f896c376bc57896f3d322699ea860c9af3daeb0fdf60c26_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:daec224b2d21db1d0f896c376bc57896f3d322699ea860c9af3daeb0fdf60c26_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:daec224b2d21db1d0f896c376bc57896f3d322699ea860c9af3daeb0fdf60c26_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7cd77dd8ba37e7df2802ef44bda69e4305631729c981a673a0a31433f4d05663_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7cd77dd8ba37e7df2802ef44bda69e4305631729c981a673a0a31433f4d05663_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7cd77dd8ba37e7df2802ef44bda69e4305631729c981a673a0a31433f4d05663_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8844ee1cf02d8038e8b156bc856f3f6bbe1cdca160ec79f30da39ef826d897f2_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8844ee1cf02d8038e8b156bc856f3f6bbe1cdca160ec79f30da39ef826d897f2_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8844ee1cf02d8038e8b156bc856f3f6bbe1cdca160ec79f30da39ef826d897f2_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:99cea72009375b9fe0d351d2dc74d0b08f303daf8fd3d054f34301b2a7b9874e_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:99cea72009375b9fe0d351d2dc74d0b08f303daf8fd3d054f34301b2a7b9874e_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:99cea72009375b9fe0d351d2dc74d0b08f303daf8fd3d054f34301b2a7b9874e_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:301a89cdc5a6aa6cc807851082a0ed58580547098c8fe35e000fe54ecbefcd1e_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:301a89cdc5a6aa6cc807851082a0ed58580547098c8fe35e000fe54ecbefcd1e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:301a89cdc5a6aa6cc807851082a0ed58580547098c8fe35e000fe54ecbefcd1e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:64bef5c27321ed50c11018b32ae4d5de3490ad744a0f08e8e724432c75ffa775_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:64bef5c27321ed50c11018b32ae4d5de3490ad744a0f08e8e724432c75ffa775_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:64bef5c27321ed50c11018b32ae4d5de3490ad744a0f08e8e724432c75ffa775_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:e6cd211b07ec198e643043636bc43e32128a99a455594986f54d01f909eb97e1_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:e6cd211b07ec198e643043636bc43e32128a99a455594986f54d01f909eb97e1_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:e6cd211b07ec198e643043636bc43e32128a99a455594986f54d01f909eb97e1_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:85b9f7b20c8ad9552c30f6aaf772ceb5342bcf6ea90ea997eb614212fa57ed58_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:85b9f7b20c8ad9552c30f6aaf772ceb5342bcf6ea90ea997eb614212fa57ed58_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:85b9f7b20c8ad9552c30f6aaf772ceb5342bcf6ea90ea997eb614212fa57ed58_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:de3b2e28150c6428864fe8dd7ef325b806bc9e9881d883ba3335e00b6593618c_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:de3b2e28150c6428864fe8dd7ef325b806bc9e9881d883ba3335e00b6593618c_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:de3b2e28150c6428864fe8dd7ef325b806bc9e9881d883ba3335e00b6593618c_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:e2262de639260486a1942d9c7a8be075a96888519c65b0ccd41f1360978300ac_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:e2262de639260486a1942d9c7a8be075a96888519c65b0ccd41f1360978300ac_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:e2262de639260486a1942d9c7a8be075a96888519c65b0ccd41f1360978300ac_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:696ef8ccb59d3f34a640ffdc18b089680a2a28189b388450080454865ce5b12e_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:696ef8ccb59d3f34a640ffdc18b089680a2a28189b388450080454865ce5b12e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:696ef8ccb59d3f34a640ffdc18b089680a2a28189b388450080454865ce5b12e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:d80fafb9e7fcd0fa9e4103ae929cfa9dc8b91851b50d17d377d8fbdf2dd0884f_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:d80fafb9e7fcd0fa9e4103ae929cfa9dc8b91851b50d17d377d8fbdf2dd0884f_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:d80fafb9e7fcd0fa9e4103ae929cfa9dc8b91851b50d17d377d8fbdf2dd0884f_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:fa7fd49bfc458b712c26f122e22520e685b036dcf65c204f7b6385cd53cdc9b3_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:fa7fd49bfc458b712c26f122e22520e685b036dcf65c204f7b6385cd53cdc9b3_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:fa7fd49bfc458b712c26f122e22520e685b036dcf65c204f7b6385cd53cdc9b3_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:61efe4f465be5ac4c3ddf6a5c452d5dc7d250b8a842ec36b7cf44272de146e15_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:61efe4f465be5ac4c3ddf6a5c452d5dc7d250b8a842ec36b7cf44272de146e15_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:61efe4f465be5ac4c3ddf6a5c452d5dc7d250b8a842ec36b7cf44272de146e15_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b3faa186bd4e7d7949314abb298b67fec93eba13c9028b2d597141f3ecfadaa8_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b3faa186bd4e7d7949314abb298b67fec93eba13c9028b2d597141f3ecfadaa8_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b3faa186bd4e7d7949314abb298b67fec93eba13c9028b2d597141f3ecfadaa8_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c0cad154a2b2b90bf1ad022bfbc1edaee1d0d3ebbae99c296afbc4e423d49adc_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c0cad154a2b2b90bf1ad022bfbc1edaee1d0d3ebbae99c296afbc4e423d49adc_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c0cad154a2b2b90bf1ad022bfbc1edaee1d0d3ebbae99c296afbc4e423d49adc_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a8010cccaa062270ae1c2214a46ebedbf9dd55caa848d2063ade69eed1cefcf_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a8010cccaa062270ae1c2214a46ebedbf9dd55caa848d2063ade69eed1cefcf_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a8010cccaa062270ae1c2214a46ebedbf9dd55caa848d2063ade69eed1cefcf_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4f5bc6377f8b81ca0f0bebfd4cafdc7d17029e702861f7159a38bccc3e7a21c3_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4f5bc6377f8b81ca0f0bebfd4cafdc7d17029e702861f7159a38bccc3e7a21c3_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4f5bc6377f8b81ca0f0bebfd4cafdc7d17029e702861f7159a38bccc3e7a21c3_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6c9a79f505c45e604b51ce9d29a7472e23da6f33011635afcac5dc96d3c8a413_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6c9a79f505c45e604b51ce9d29a7472e23da6f33011635afcac5dc96d3c8a413_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6c9a79f505c45e604b51ce9d29a7472e23da6f33011635afcac5dc96d3c8a413_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0bd96c2875a801820c1a042b854c903b7ff7f577f286d1b42688d084f4ac369b_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0bd96c2875a801820c1a042b854c903b7ff7f577f286d1b42688d084f4ac369b_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0bd96c2875a801820c1a042b854c903b7ff7f577f286d1b42688d084f4ac369b_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:1971e8fe13c51e6be8dd497b8ca99c8282425a6cd9735771ab6fd39a11616086_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:1971e8fe13c51e6be8dd497b8ca99c8282425a6cd9735771ab6fd39a11616086_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:1971e8fe13c51e6be8dd497b8ca99c8282425a6cd9735771ab6fd39a11616086_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bc4c81fc092d4bffca4742030a197b79bc80565dc4d677d7344a7d91e592e735_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bc4c81fc092d4bffca4742030a197b79bc80565dc4d677d7344a7d91e592e735_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bc4c81fc092d4bffca4742030a197b79bc80565dc4d677d7344a7d91e592e735_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:491b67f1b2930996a975fe3b4088020538c78db6f3060447699795a30e74b54b_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:491b67f1b2930996a975fe3b4088020538c78db6f3060447699795a30e74b54b_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:491b67f1b2930996a975fe3b4088020538c78db6f3060447699795a30e74b54b_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:756151367af2d9ee8ba0ad7537c17841f800c2828f440baa6d73b5a071d29638_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:756151367af2d9ee8ba0ad7537c17841f800c2828f440baa6d73b5a071d29638_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:756151367af2d9ee8ba0ad7537c17841f800c2828f440baa6d73b5a071d29638_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:d4efaf6561a45aa575870b3aefcc72838618ff411fdf4d8b6c23c92598400f44_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:d4efaf6561a45aa575870b3aefcc72838618ff411fdf4d8b6c23c92598400f44_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:d4efaf6561a45aa575870b3aefcc72838618ff411fdf4d8b6c23c92598400f44_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:97e5a3c6af61067119e6b6d7fd46b64569f06e311c21596af430e648b237b59b_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:97e5a3c6af61067119e6b6d7fd46b64569f06e311c21596af430e648b237b59b_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:97e5a3c6af61067119e6b6d7fd46b64569f06e311c21596af430e648b237b59b_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:df0d1098be46a3b4ab9374a3eff318410a955f014961b08ecaf416e9535f005a_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:df0d1098be46a3b4ab9374a3eff318410a955f014961b08ecaf416e9535f005a_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:df0d1098be46a3b4ab9374a3eff318410a955f014961b08ecaf416e9535f005a_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e9327bd5ebfcec5ec7c76d6e47be8dfe5fc48913859a36bb9d9ddafbc11b53fe_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e9327bd5ebfcec5ec7c76d6e47be8dfe5fc48913859a36bb9d9ddafbc11b53fe_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e9327bd5ebfcec5ec7c76d6e47be8dfe5fc48913859a36bb9d9ddafbc11b53fe_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Jeremy Choi"
],
"organization": "Red Hat Product Security",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2023-4958",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"discovery_date": "2021-08-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:655da98b70cce7d0d8eda8c8d13d13e4abb56d240a7dcc86c9a1ecf74524095f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a6f0560462f70d081ecd633dab7fe3812a9a05ede057dcfc85c78aebcbfcf7fb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:d53ebe7252d7414e0dc756d48d806504993d43f8c3de2eebed0e1f74749cd2de_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:11ba7bb24a938e34ca077b77730cd1524dee6d81157b7309b0725bde1dc1a658_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7d6b22c16ffc10dbe11d5d783e1c7efa7f39de054a3a2332c807bdf63bcd1c71_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:daec224b2d21db1d0f896c376bc57896f3d322699ea860c9af3daeb0fdf60c26_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7cd77dd8ba37e7df2802ef44bda69e4305631729c981a673a0a31433f4d05663_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8844ee1cf02d8038e8b156bc856f3f6bbe1cdca160ec79f30da39ef826d897f2_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:99cea72009375b9fe0d351d2dc74d0b08f303daf8fd3d054f34301b2a7b9874e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:85b9f7b20c8ad9552c30f6aaf772ceb5342bcf6ea90ea997eb614212fa57ed58_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:de3b2e28150c6428864fe8dd7ef325b806bc9e9881d883ba3335e00b6593618c_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:e2262de639260486a1942d9c7a8be075a96888519c65b0ccd41f1360978300ac_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:696ef8ccb59d3f34a640ffdc18b089680a2a28189b388450080454865ce5b12e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:d80fafb9e7fcd0fa9e4103ae929cfa9dc8b91851b50d17d377d8fbdf2dd0884f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:fa7fd49bfc458b712c26f122e22520e685b036dcf65c204f7b6385cd53cdc9b3_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:61efe4f465be5ac4c3ddf6a5c452d5dc7d250b8a842ec36b7cf44272de146e15_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b3faa186bd4e7d7949314abb298b67fec93eba13c9028b2d597141f3ecfadaa8_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c0cad154a2b2b90bf1ad022bfbc1edaee1d0d3ebbae99c296afbc4e423d49adc_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a8010cccaa062270ae1c2214a46ebedbf9dd55caa848d2063ade69eed1cefcf_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4f5bc6377f8b81ca0f0bebfd4cafdc7d17029e702861f7159a38bccc3e7a21c3_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6c9a79f505c45e604b51ce9d29a7472e23da6f33011635afcac5dc96d3c8a413_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0bd96c2875a801820c1a042b854c903b7ff7f577f286d1b42688d084f4ac369b_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:1971e8fe13c51e6be8dd497b8ca99c8282425a6cd9735771ab6fd39a11616086_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bc4c81fc092d4bffca4742030a197b79bc80565dc4d677d7344a7d91e592e735_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:491b67f1b2930996a975fe3b4088020538c78db6f3060447699795a30e74b54b_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:756151367af2d9ee8ba0ad7537c17841f800c2828f440baa6d73b5a071d29638_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:d4efaf6561a45aa575870b3aefcc72838618ff411fdf4d8b6c23c92598400f44_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:97e5a3c6af61067119e6b6d7fd46b64569f06e311c21596af430e648b237b59b_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:df0d1098be46a3b4ab9374a3eff318410a955f014961b08ecaf416e9535f005a_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e9327bd5ebfcec5ec7c76d6e47be8dfe5fc48913859a36bb9d9ddafbc11b53fe_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1990363"
}
],
"notes": [
{
"category": "description",
"text": "In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user\u0027s account permissions to perform other actions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "stackrox: Missing HTTP security headers allows for clickjacking in web UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:301a89cdc5a6aa6cc807851082a0ed58580547098c8fe35e000fe54ecbefcd1e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:64bef5c27321ed50c11018b32ae4d5de3490ad744a0f08e8e724432c75ffa775_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:e6cd211b07ec198e643043636bc43e32128a99a455594986f54d01f909eb97e1_ppc64le"
],
"known_not_affected": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:655da98b70cce7d0d8eda8c8d13d13e4abb56d240a7dcc86c9a1ecf74524095f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a6f0560462f70d081ecd633dab7fe3812a9a05ede057dcfc85c78aebcbfcf7fb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:d53ebe7252d7414e0dc756d48d806504993d43f8c3de2eebed0e1f74749cd2de_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:11ba7bb24a938e34ca077b77730cd1524dee6d81157b7309b0725bde1dc1a658_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7d6b22c16ffc10dbe11d5d783e1c7efa7f39de054a3a2332c807bdf63bcd1c71_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:daec224b2d21db1d0f896c376bc57896f3d322699ea860c9af3daeb0fdf60c26_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7cd77dd8ba37e7df2802ef44bda69e4305631729c981a673a0a31433f4d05663_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8844ee1cf02d8038e8b156bc856f3f6bbe1cdca160ec79f30da39ef826d897f2_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:99cea72009375b9fe0d351d2dc74d0b08f303daf8fd3d054f34301b2a7b9874e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:85b9f7b20c8ad9552c30f6aaf772ceb5342bcf6ea90ea997eb614212fa57ed58_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:de3b2e28150c6428864fe8dd7ef325b806bc9e9881d883ba3335e00b6593618c_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:e2262de639260486a1942d9c7a8be075a96888519c65b0ccd41f1360978300ac_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:696ef8ccb59d3f34a640ffdc18b089680a2a28189b388450080454865ce5b12e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:d80fafb9e7fcd0fa9e4103ae929cfa9dc8b91851b50d17d377d8fbdf2dd0884f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:fa7fd49bfc458b712c26f122e22520e685b036dcf65c204f7b6385cd53cdc9b3_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:61efe4f465be5ac4c3ddf6a5c452d5dc7d250b8a842ec36b7cf44272de146e15_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b3faa186bd4e7d7949314abb298b67fec93eba13c9028b2d597141f3ecfadaa8_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:c0cad154a2b2b90bf1ad022bfbc1edaee1d0d3ebbae99c296afbc4e423d49adc_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a8010cccaa062270ae1c2214a46ebedbf9dd55caa848d2063ade69eed1cefcf_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4f5bc6377f8b81ca0f0bebfd4cafdc7d17029e702861f7159a38bccc3e7a21c3_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6c9a79f505c45e604b51ce9d29a7472e23da6f33011635afcac5dc96d3c8a413_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0bd96c2875a801820c1a042b854c903b7ff7f577f286d1b42688d084f4ac369b_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:1971e8fe13c51e6be8dd497b8ca99c8282425a6cd9735771ab6fd39a11616086_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bc4c81fc092d4bffca4742030a197b79bc80565dc4d677d7344a7d91e592e735_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:491b67f1b2930996a975fe3b4088020538c78db6f3060447699795a30e74b54b_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:756151367af2d9ee8ba0ad7537c17841f800c2828f440baa6d73b5a071d29638_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:d4efaf6561a45aa575870b3aefcc72838618ff411fdf4d8b6c23c92598400f44_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:97e5a3c6af61067119e6b6d7fd46b64569f06e311c21596af430e648b237b59b_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:df0d1098be46a3b4ab9374a3eff318410a955f014961b08ecaf416e9535f005a_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e9327bd5ebfcec5ec7c76d6e47be8dfe5fc48913859a36bb9d9ddafbc11b53fe_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4958"
},
{
"category": "external",
"summary": "RHBZ#1990363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990363"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4958",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4958"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4958",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4958"
}
],
"release_date": "2022-06-02T22:40:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-18T16:39:39+00:00",
"details": "To take advantage of the new features, bug fixes, and enhancements in RHACS 4.2, you are advised to upgrade to RHACS 4.2.",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:301a89cdc5a6aa6cc807851082a0ed58580547098c8fe35e000fe54ecbefcd1e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:64bef5c27321ed50c11018b32ae4d5de3490ad744a0f08e8e724432c75ffa775_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:e6cd211b07ec198e643043636bc43e32128a99a455594986f54d01f909eb97e1_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5206"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:301a89cdc5a6aa6cc807851082a0ed58580547098c8fe35e000fe54ecbefcd1e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:64bef5c27321ed50c11018b32ae4d5de3490ad744a0f08e8e724432c75ffa775_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:e6cd211b07ec198e643043636bc43e32128a99a455594986f54d01f909eb97e1_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "stackrox: Missing HTTP security headers allows for clickjacking in web UI"
}
]
}
ghsa-2xrv-7wfr-fxj6
Vulnerability from github
Published
2023-12-12 12:30
Modified
2023-12-12 12:30
Severity ?
Details
In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.
{
"affected": [],
"aliases": [
"CVE-2023-4958"
],
"database_specific": {
"cwe_ids": [
"CWE-1021",
"CWE-77"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-12T10:15:10Z",
"severity": "MODERATE"
},
"details": "In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user\u0027s account permissions to perform other actions.",
"id": "GHSA-2xrv-7wfr-fxj6",
"modified": "2023-12-12T12:30:52Z",
"published": "2023-12-12T12:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4958"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:5206"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-4958"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990363"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.