Action not permitted
Modal body text goes here.
cve-2024-22201
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
jetty | jetty.project |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:35:34.848Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" }, { "name": "https://github.com/jetty/jetty.project/issues/11256", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240329-0001/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/20/2" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:jetty:jetty.project:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "jetty.project", "vendor": "jetty", "versions": [ { "lessThanOrEqual": "9.4.53", "status": "affected", "version": "9.3.0", "versionType": "custom" }, { "lessThanOrEqual": "10.0.19", "status": "affected", "version": "10.0.0", "versionType": "custom" }, { "lessThanOrEqual": "11.0.19", "status": "affected", "version": "11.0.0", "versionType": "custom" }, { "lessThanOrEqual": "12.0.5", "status": "affected", "version": "12.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-22201", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-01T18:49:17.679314Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T14:21:40.015Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "jetty.project", "vendor": "jetty", "versions": [ { "status": "affected", "version": "\u003e= 9.3.0, \u003c= 9.4.53" }, { "status": "affected", "version": "\u003e= 10.0.0, \u003c= 10.0.19" }, { "status": "affected", "version": "\u003e= 11.0.0, \u003c= 11.0.19" }, { "status": "affected", "version": "\u003e= 12.0.0, \u003c= 12.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-26T16:13:33.848Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" }, { "name": "https://github.com/jetty/jetty.project/issues/11256", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "url": "https://security.netapp.com/advisory/ntap-20240329-0001/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/20/2" } ], "source": { "advisory": "GHSA-rggv-cv7r-mw98", "discovery": "UNKNOWN" }, "title": "Jetty connection leaking on idle timeout when TCP congested" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-22201", "datePublished": "2024-02-26T16:13:33.848Z", "dateReserved": "2024-01-08T04:59:27.371Z", "dateUpdated": "2024-08-28T14:21:40.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-22201\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-02-26T16:27:56.343\",\"lastModified\":\"2024-05-01T18:15:13.847\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Jetty es un servidor web y motor de servlet basado en Java. Una conexi\u00f3n SSL HTTP/2 que est\u00e9 establecida y TCP congestionada se filtrar\u00e1 cuando expire el tiempo de espera. Un atacante puede provocar que muchas conexiones terminen en este estado y que el servidor se quede sin descriptores de archivos, lo que eventualmente provocar\u00e1 que el servidor deje de aceptar nuevas conexiones de clientes v\u00e1lidos. La vulnerabilidad est\u00e1 parcheada en 9.4.54, 10.0.20, 11.0.20 y 12.0.6.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/20/2\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/jetty/jetty.project/issues/11256\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240329-0001/\",\"source\":\"security-advisories@github.com\"}]}}" } }
wid-sec-w-2024-0486
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Eclipse Jetty ist ein Java-HTTP-Server und Java-Servlet-Container.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Eclipse Jetty ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0486 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0486.json" }, { "category": "self", "summary": "WID-SEC-2024-0486 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0486" }, { "category": "external", "summary": "Jetty Security Reports vom 2024-02-26", "url": "https://eclipse.dev/jetty/security_reports.php" }, { "category": "external", "summary": "Red Hat Bugzilla vom 2024-02-26", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "Jetty Security Advisory vom 2024-02-26", "url": "https://www.eclipse.org/lists/jetty-announce/msg00186.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0817-1 vom 2024-03-08", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018126.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3780 vom 2024-04-07", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-5664 vom 2024-04-18", "url": "https://lists.debian.org/debian-security-announce/2024/msg00073.html" }, { "category": "external", "summary": "IBM Security Bulletin 7149985 vom 2024-05-02", "url": "https://www.ibm.com/support/pages/node/7149985" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3634 vom 2024-06-05", "url": "https://access.redhat.com/errata/RHSA-2024:3634" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3635 vom 2024-06-05", "url": "https://access.redhat.com/errata/RHSA-2024:3635" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3636 vom 2024-06-05", "url": "https://access.redhat.com/errata/RHSA-2024:3636" }, { "category": "external", "summary": "PDFreactor 11 Hotfix Release vom 2024-06-13", "url": "https://www.pdfreactor.com/pdfreactor-11-hotfix-release-11-6-12-now-available/" } ], "source_lang": "en-US", "title": "Eclipse Jetty: Schwachstelle erm\u00f6glicht Denial of Service", "tracking": { "current_release_date": "2024-06-12T22:00:00.000+00:00", "generator": { "date": "2024-06-13T10:06:12.897+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0486", "initial_release_date": "2024-02-26T23:00:00.000+00:00", "revision_history": [ { "date": "2024-02-26T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-03-10T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-04-07T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2024-04-17T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2024-05-01T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2024-06-05T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-06-12T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates aufgenommen" } ], "status": "final", "version": "7" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c9.4.54", "product": { "name": "Eclipse Jetty \u003c9.4.54", "product_id": "T033091", "product_identification_helper": { "cpe": "cpe:/a:eclipse:jetty:9.4.54" } } }, { "category": "product_version_range", "name": "\u003c10.0.20", "product": { "name": "Eclipse Jetty \u003c10.0.20", "product_id": "T033092", "product_identification_helper": { "cpe": "cpe:/a:eclipse:jetty:10.0.20" } } }, { "category": "product_version_range", "name": "\u003c11.0.20", "product": { "name": "Eclipse Jetty \u003c11.0.20", "product_id": "T033093", "product_identification_helper": { "cpe": "cpe:/a:eclipse:jetty:11.0.20" } } }, { "category": "product_version_range", "name": "\u003c12.0.6", "product": { "name": "Eclipse Jetty \u003c12.0.6", "product_id": "T033094", "product_identification_helper": { "cpe": "cpe:/a:eclipse:jetty:12.0.6" } } } ], "category": "product_name", "name": "Jetty" } ], "category": "vendor", "name": "Eclipse" }, { "branches": [ { "category": "product_name", "name": "IBM App Connect Enterprise", "product": { "name": "IBM App Connect Enterprise", "product_id": "T032495", "product_identification_helper": { "cpe": "cpe:/a:ibm:app_connect_enterprise:-" } } }, { "category": "product_name", "name": "IBM Integration Bus", "product": { "name": "IBM Integration Bus", "product_id": "T011169", "product_identification_helper": { "cpe": "cpe:/a:ibm:integration_bus:-" } } } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c11.6.12", "product": { "name": "RealObjects PDFreactor \u003c11.6.12", "product_id": "T035425", "product_identification_helper": { "cpe": "cpe:/a:realobjects:pdfreactor:11.6.12" } } } ], "category": "product_name", "name": "PDFreactor" } ], "category": "vendor", "name": "RealObjects" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-22201", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Eclipse Jetty. Dieser Fehler besteht in der HTTP/2-Implementierung der Engine aufgrund eines Verbindungs-Timeout-Problems, das es erm\u00f6glicht, dass die TCP-Verbindung offen bleibt und viele Verbindungen in diesem Zustand enden, was dazu f\u00fchrt, dass dem Server die Dateihandles ausgehen und neue Benutzer keine Verbindung herstellen k\u00f6nnen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "T035425", "2951", "T002207", "67646", "T011169", "T032495" ] }, "release_date": "2024-02-26T23:00:00Z", "title": "CVE-2024-22201" } ] }
wid-sec-w-2024-0680
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterst\u00fctzung bei Softwareentwicklungen aller Art.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Jenkins ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0680 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0680.json" }, { "category": "self", "summary": "WID-SEC-2024-0680 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0680" }, { "category": "external", "summary": "Jenkins Security Advisory vom 2024-03-20", "url": "https://www.jenkins.io/security/advisory/2024-03-20/" } ], "source_lang": "en-US", "title": "Jenkins: Schwachstelle erm\u00f6glicht Denial of Service", "tracking": { "current_release_date": "2024-03-20T23:00:00.000+00:00", "generator": { "date": "2024-03-21T11:35:59.881+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0680", "initial_release_date": "2024-03-20T23:00:00.000+00:00", "revision_history": [ { "date": "2024-03-20T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 2.444", "product": { "name": "Jenkins Jenkins \u003c 2.444", "product_id": "T033587", "product_identification_helper": { "cpe": "cpe:/a:cloudbees:jenkins:2.444" } } }, { "category": "product_version_range", "name": "\u003c LTS 2.440.2", "product": { "name": "Jenkins Jenkins \u003c LTS 2.440.2", "product_id": "T033588", "product_identification_helper": { "cpe": "cpe:/a:cloudbees:jenkins:lts_2.440.2" } } } ], "category": "product_name", "name": "Jenkins" } ], "category": "vendor", "name": "Jenkins" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-22201", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Jenkins. Diese besteht aufgrund eines Fehlers in der Komponente \"Winstone-Jetty\". Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-03-20T23:00:00Z", "title": "CVE-2024-22201" } ] }
wid-sec-w-2024-0869
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Communications umfasst branchenspezifische L\u00f6sungen f\u00fcr die Telekommunikationsbranche.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0869 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0869.json" }, { "category": "self", "summary": "WID-SEC-2024-0869 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0869" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Communications vom 2024-04-16", "url": "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixCGBU" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:1878 vom 2024-04-18", "url": "https://access.redhat.com/errata/RHSA-2024:1878" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202405-01 vom 2024-05-04", "url": "https://security.gentoo.org/glsa/202405-01" } ], "source_lang": "en-US", "title": "Oracle Communications: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-05-05T22:00:00.000+00:00", "generator": { "date": "2024-05-06T08:33:02.513+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0869", "initial_release_date": "2024-04-16T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-16T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-04-17T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-05-05T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Gentoo aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "5", "product": { "name": "Oracle Communications 5.0", "product_id": "T021645", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:5.0" } } }, { "category": "product_version", "name": "22.4.0", "product": { "name": "Oracle Communications 22.4.0", "product_id": "T024981", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:22.4.0" } } }, { "category": "product_version", "name": "23.1.0", "product": { "name": "Oracle Communications 23.1.0", "product_id": "T027326", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.1.0" } } }, { "category": "product_version", "name": "23.2.0", "product": { "name": "Oracle Communications 23.2.0", "product_id": "T028682", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.2.0" } } }, { "category": "product_version", "name": "5.1", "product": { "name": "Oracle Communications 5.1", "product_id": "T028684", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:5.1" } } }, { "category": "product_version", "name": "23.2.2", "product": { "name": "Oracle Communications 23.2.2", "product_id": "T030583", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.2.2" } } }, { "category": "product_version", "name": "23.3.0", "product": { "name": "Oracle Communications 23.3.0", "product_id": "T030586", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.3.0" } } }, { "category": "product_version", "name": "9.0.0.0", "product": { "name": "Oracle Communications 9.0.0.0", "product_id": "T030589", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:9.0.0.0" } } }, { "category": "product_version_range", "name": "\u003c=7.2.1.0.0", "product": { "name": "Oracle Communications \u003c=7.2.1.0.0", "product_id": "T030593", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:7.2.1.0.0" } } }, { "category": "product_version_range", "name": "\u003c=9.0.2", "product": { "name": "Oracle Communications \u003c=9.0.2", "product_id": "T030595", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:9.0.2" } } }, { "category": "product_version", "name": "23.3.1", "product": { "name": "Oracle Communications 23.3.1", "product_id": "T032088", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.3.1" } } }, { "category": "product_version", "name": "23.4.0", "product": { "name": "Oracle Communications 23.4.0", "product_id": "T032091", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.4.0" } } }, { "category": "product_version", "name": "23.4.1", "product": { "name": "Oracle Communications 23.4.1", "product_id": "T034143", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.4.1" } } }, { "category": "product_version_range", "name": "\u003c=23.4.2", "product": { "name": "Oracle Communications \u003c=23.4.2", "product_id": "T034144", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.4.2" } } }, { "category": "product_version", "name": "24.1.0", "product": { "name": "Oracle Communications 24.1.0", "product_id": "T034145", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:24.1.0" } } }, { "category": "product_version", "name": "5.2", "product": { "name": "Oracle Communications 5.2", "product_id": "T034146", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:5.2" } } }, { "category": "product_version", "name": "24.1.0.0.0", "product": { "name": "Oracle Communications 24.1.0.0.0", "product_id": "T034147", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:24.1.0.0.0" } } }, { "category": "product_version", "name": "23.3.2", "product": { "name": "Oracle Communications 23.3.2", "product_id": "T034148", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:23.3.2" } } }, { "category": "product_version", "name": "14.0.0.0.0", "product": { "name": "Oracle Communications 14.0.0.0.0", "product_id": "T034149", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:14.0.0.0.0" } } }, { "category": "product_version", "name": "9.1.1.7.0", "product": { "name": "Oracle Communications 9.1.1.7.0", "product_id": "T034150", "product_identification_helper": { "cpe": "cpe:/a:oracle:communications:9.1.1.7.0" } } } ], "category": "product_name", "name": "Communications" } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-40152", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2022-40152" }, { "cve": "CVE-2022-40896", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2022-40896" }, { "cve": "CVE-2022-45688", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2022-45688" }, { "cve": "CVE-2023-2283", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-2283" }, { "cve": "CVE-2023-31122", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-31122" }, { "cve": "CVE-2023-33201", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-33201" }, { "cve": "CVE-2023-34053", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-34053" }, { "cve": "CVE-2023-34055", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-34055" }, { "cve": "CVE-2023-4016", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-4016" }, { "cve": "CVE-2023-41056", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-41056" }, { "cve": "CVE-2023-43496", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-43496" }, { "cve": "CVE-2023-44487", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-44487" }, { "cve": "CVE-2023-45142", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-45142" }, { "cve": "CVE-2023-4641", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-4641" }, { "cve": "CVE-2023-46589", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-46589" }, { "cve": "CVE-2023-47100", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-47100" }, { "cve": "CVE-2023-4863", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-4863" }, { "cve": "CVE-2023-48795", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-48795" }, { "cve": "CVE-2023-49083", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-49083" }, { "cve": "CVE-2023-5072", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-5072" }, { "cve": "CVE-2023-51074", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-51074" }, { "cve": "CVE-2023-51257", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-51257" }, { "cve": "CVE-2023-51775", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-51775" }, { "cve": "CVE-2023-5341", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-5341" }, { "cve": "CVE-2023-5363", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-5363" }, { "cve": "CVE-2023-6507", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2023-6507" }, { "cve": "CVE-2024-1635", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-1635" }, { "cve": "CVE-2024-21626", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-21626" }, { "cve": "CVE-2024-22201", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-22201" }, { "cve": "CVE-2024-22233", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-22233" }, { "cve": "CVE-2024-22257", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-22257" }, { "cve": "CVE-2024-22259", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-22259" }, { "cve": "CVE-2024-25062", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-25062" }, { "cve": "CVE-2024-26130", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-26130" }, { "cve": "CVE-2024-26308", "notes": [ { "category": "description", "text": "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684" ], "last_affected": [ "T030595", "T030593", "T034144" ] }, "release_date": "2024-04-16T22:00:00Z", "title": "CVE-2024-26308" } ] }
rhsa-2024_4597
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools\n4.15. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.\n\nSecurity Fix(es):\n\n* jenkins-plugin/script-security: Sandbox bypass via sandbox-defined classes (CVE-2024-34145)\n\n* jenkins-plugin/script-security: Sandbox bypass via crafted constructor bodies (CVE-2024-34144)\n\n* jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin (CVE-2024-28149)\n\n* jenkins-2-plugins: git-server plugin arbitrary file read vulnerability (CVE-2024-23899)\n\n* jetty: Stop accepting new connections from valid clients (CVE-2024-22201)\n\n* ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\n* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)\n\n* jenkins-2-plugins: matrix-project plugin path traversal vulnerability (CVE-2024-23900)\n\n* runc: File descriptor leak (CVE-2024-21626, Leaky-Vessels)\n\n* jenkins-2-plugins: git-server plugin arbitrary file read vulnerability (CVE-2024-23899)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:4597", "url": "https://access.redhat.com/errata/RHSA-2024:4597" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2258725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258725" }, { "category": "external", "summary": "2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183" }, { "category": "external", "summary": "2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184" }, { "category": "external", "summary": "2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "2268227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268227" }, { "category": "external", "summary": "2278820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278820" }, { "category": "external", "summary": "2278821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278821" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4597.json" } ], "title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update", "tracking": { "current_release_date": "2024-11-06T22:09:44+00:00", "generator": { "date": "2024-11-06T22:09:44+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:4597", "initial_release_date": "2024-07-17T18:49:17+00:00", "revision_history": [ { "date": "2024-07-17T18:49:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-07-17T18:49:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T22:09:44+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.15", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.15", "product_id": "8Base-OCP-Tools-4.15", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.15::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.440.3.1718879390-3.el8.src", "product": { "name": "jenkins-0:2.440.3.1718879390-3.el8.src", "product_id": "jenkins-0:2.440.3.1718879390-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.440.3.1718879390-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", "product_id": "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.15.1718879538-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.440.3.1718879390-3.el8.noarch", "product": { "name": "jenkins-0:2.440.3.1718879390-3.el8.noarch", "product_id": "jenkins-0:2.440.3.1718879390-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.440.3.1718879390-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.15.1718879538-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.440.3.1718879390-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15", "product_id": "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch" }, "product_reference": "jenkins-0:2.440.3.1718879390-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.15" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.440.3.1718879390-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15", "product_id": "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src" }, "product_reference": "jenkins-0:2.440.3.1718879390-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.15" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15", "product_id": "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.15" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.15.1718879538-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15", "product_id": "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.15.1718879538-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.15" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" }, { "category": "workaround", "details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "acknowledgments": [ { "names": [ "The Snyk Reseacher Team" ] } ], "cve": "CVE-2024-21626", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-01-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2258725" } ], "notes": [ { "category": "description", "text": "A file descriptor leak issue was found in the runc package. While a user performs `O_CLOEXEC` all file descriptors before executing the container code, the file descriptor is open when performing `setcwd(2)`, which means that the reference can be kept alive in the container by configuring the working directory to be a path resolved through the file descriptor. The non-dumpable bit is unset after `execve`, meaning there are multiple ways to attack this other than bad configurations. The only way to defend against it entirely is to close all unneeded file descriptors.", "title": "Vulnerability description" }, { "category": "summary", "text": "runc: file descriptor leak", "title": "Vulnerability summary" }, { "category": "other", "text": "These vulnerabilities not only enable malicious actors to escape containerized environments but also allow for full control over the underlying host system. With the widespread adoption of containerization technologies in both development and production environments, such exploits pose significant risks to data integrity, confidentiality, and system stability.\n\nOpenShift Container Platform ships with SELinux in targeted enforcing mode, which prevents the container processes from accessing host content and mitigates this attack, and disabling SELinux on the Openshift container platform is not supported. Hence, the impact of the Openshift Container Platform is reduced to Moderate.\n\nFor multicluster-engine (MCE) vulnerable versions of buildkit and runc are part of installed version of oc. However, they are not affecting the higher-level assisted-installer binary in MCE. The presence of these dependencies in the container does not imply a security risk to the containerized application itself, as it is based on low-level packages included in the oc binary, and the impact to the container\u0027s core functionality is minimal.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21626" }, { "category": "external", "summary": "RHBZ#2258725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258725" }, { "category": "external", "summary": "RHSB-2024-001", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-001" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21626", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21626" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21626", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21626" }, { "category": "external", "summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv", "url": "https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv" } ], "release_date": "2024-01-31T20:01:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" }, { "category": "workaround", "details": "Red Hat Enterprise Linux (RHEL) and OpenShift ships with SELinux in targeted enforcing mode, which prevents the container processes from accessing host content and mitigates this attack. Dockerfiles can be inspected on the \u0027RUN\u0027\u00a0and \u0027WORKDIR\u0027 directives to ensure that there are no escapes or malicious paths, which are an indication of compromise. Limiting access and only using trusted container images can help prevent unauthorized access and malicious attacks.", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "runc: file descriptor leak" }, { "cve": "CVE-2024-22201", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266136" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: stop accepting new connections from valid clients", "title": "Vulnerability summary" }, { "category": "other", "text": "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-22201" }, { "category": "external", "summary": "RHBZ#2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/issues/11256", "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" } ], "release_date": "2024-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: stop accepting new connections from valid clients" }, { "cve": "CVE-2024-23899", "cwe": { "id": "CWE-88", "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)" }, "discovery_date": "2024-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260183" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server\u0027s file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23899" }, { "category": "external", "summary": "RHBZ#2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23899", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23899" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23899" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability" }, { "cve": "CVE-2024-23900", "cwe": { "id": "CWE-23", "name": "Relative Path Traversal" }, "discovery_date": "2024-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260184" } ], "notes": [ { "category": "description", "text": "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23900" }, { "category": "external", "summary": "RHBZ#2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23900", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23900" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability" }, { "cve": "CVE-2024-24786", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268046" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24786" }, { "category": "external", "summary": "RHBZ#2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786" }, { "category": "external", "summary": "https://go.dev/cl/569356", "url": "https://go.dev/cl/569356" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", "url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2611", "url": "https://pkg.go.dev/vuln/GO-2024-2611" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON" }, { "cve": "CVE-2024-28149", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268227" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28149" }, { "category": "external", "summary": "RHBZ#2268227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268227" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28149", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28149" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", "url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301" } ], "release_date": "2024-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin" }, { "cve": "CVE-2024-34144", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2278820" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via \u0027this\u0027 are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34144" }, { "category": "external", "summary": "RHBZ#2278820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278820" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34144", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34144" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34144" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" } ], "release_date": "2024-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies" }, { "cve": "CVE-2024-34145", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2278821" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via \u0027this\u0027 are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34145" }, { "category": "external", "summary": "RHBZ#2278821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278821" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34145", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34145" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" } ], "release_date": "2024-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-17T18:49:17+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4597" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-0:2.440.3.1718879390-3.el8.src", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.noarch", "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1718879538-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes" } ] }
rhsa-2024_3634
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors the execution of\nrecurring jobs, such as software builds or cron jobs.\n\nSecurity fixes:\n\n* jenkins-2-plugins: Git-server plugin has an arbitrary file read\nvulnerability (CVE-2024-23899)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via crafted\nconstructor bodies (CVE-2024-34144)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined\nclasses (CVE-2024-34145)\n\n* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization\n(CVE-2024-28149)\n\n* jetty: Stops accepting new connections from valid clients\n(CVE-2024-22201)\n\n* SSH: Prefix truncation attack on Binary Packet Protocol (BPP)\n(CVE-2023-48795)\n\n* golang-protobuf: Unmarshaling certain forms of invalid JSON in the\nprotojson.Unmarshal function causes an infinite loop in the\nencoding/protojson and internal/encoding/json packages of Golang-protobuf\n(CVE-2024-24786)\n\n* jenkins-2-plugins: Matrix-project plugin has a path traversal\nvulnerability (CVE-2024-23900)\n\nFor more details about these security issues, including their impact, CVSS\nscores, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:3634", "url": "https://access.redhat.com/errata/RHSA-2024:3634" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183" }, { "category": "external", "summary": "2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184" }, { "category": "external", "summary": "2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "2268227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268227" }, { "category": "external", "summary": "2278820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278820" }, { "category": "external", "summary": "2278821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278821" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3634.json" } ], "title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update", "tracking": { "current_release_date": "2024-11-06T22:08:21+00:00", "generator": { "date": "2024-11-06T22:08:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:3634", "initial_release_date": "2024-06-05T14:47:02+00:00", "revision_history": [ { "date": "2024-06-05T14:47:02+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-06-05T14:47:02+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T22:08:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.14", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.14::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.440.3.1716387933-3.el8.src", "product": { "name": "jenkins-0:2.440.3.1716387933-3.el8.src", "product_id": "jenkins-0:2.440.3.1716387933-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.440.3.1716387933-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", "product_id": "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1716388016-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.440.3.1716387933-3.el8.noarch", "product": { "name": "jenkins-0:2.440.3.1716387933-3.el8.noarch", "product_id": "jenkins-0:2.440.3.1716387933-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.440.3.1716387933-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1716388016-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.440.3.1716387933-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch" }, "product_reference": "jenkins-0:2.440.3.1716387933-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.440.3.1716387933-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src" }, "product_reference": "jenkins-0:2.440.3.1716387933-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.14.1716388016-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.14.1716388016-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.14" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3634" }, { "category": "workaround", "details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "cve": "CVE-2024-22201", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266136" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: stop accepting new connections from valid clients", "title": "Vulnerability summary" }, { "category": "other", "text": "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-22201" }, { "category": "external", "summary": "RHBZ#2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/issues/11256", "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" } ], "release_date": "2024-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3634" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: stop accepting new connections from valid clients" }, { "cve": "CVE-2024-23899", "cwe": { "id": "CWE-88", "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)" }, "discovery_date": "2024-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260183" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server\u0027s file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23899" }, { "category": "external", "summary": "RHBZ#2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23899", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23899" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23899" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3634" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability" }, { "cve": "CVE-2024-23900", "cwe": { "id": "CWE-23", "name": "Relative Path Traversal" }, "discovery_date": "2024-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260184" } ], "notes": [ { "category": "description", "text": "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23900" }, { "category": "external", "summary": "RHBZ#2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23900", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23900" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3634" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability" }, { "cve": "CVE-2024-24786", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268046" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24786" }, { "category": "external", "summary": "RHBZ#2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786" }, { "category": "external", "summary": "https://go.dev/cl/569356", "url": "https://go.dev/cl/569356" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", "url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2611", "url": "https://pkg.go.dev/vuln/GO-2024-2611" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3634" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON" }, { "cve": "CVE-2024-28149", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268227" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28149" }, { "category": "external", "summary": "RHBZ#2268227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268227" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28149", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28149" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", "url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301" } ], "release_date": "2024-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3634" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin" }, { "cve": "CVE-2024-34144", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2278820" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via \u0027this\u0027 are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34144" }, { "category": "external", "summary": "RHBZ#2278820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278820" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34144", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34144" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34144" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" } ], "release_date": "2024-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3634" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies" }, { "cve": "CVE-2024-34145", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2278821" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via \u0027this\u0027 are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34145" }, { "category": "external", "summary": "RHBZ#2278821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278821" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34145", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34145" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" } ], "release_date": "2024-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3634" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.440.3.1716387933-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1716388016-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes" } ] }
rhsa-2024_4873
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat build of Apicurio Registry 2.6.1 GA includes the following security fixes.\n\nSecurity Fix(es):\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak [rhint-serv-2] (CVE-2024-29180)\n\n* express: cause malformed URLs to be evaluated [rhint-serv-2](CVE-2024-29041)\n\n* jetty: stop accepting new connections from valid clients [rhint-serv-2] (CVE-2024-22201)\n\n* jose4j: denial of service via specially crafted JWE [rhint-serv-2] (CVE-2023-51775)\n\n* quarkus-core: Leak of local configuration properties into Quarkus applications [rhint-serv-2] (CVE-2024-2700)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:4873", "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "2266921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266921" }, { "category": "external", "summary": "2270863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863" }, { "category": "external", "summary": "2273281", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281" }, { "category": "external", "summary": "2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4873.json" } ], "title": "Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.1 GA ]", "tracking": { "current_release_date": "2024-11-06T15:09:18+00:00", "generator": { "date": "2024-11-06T15:09:18+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:4873", "initial_release_date": "2024-07-25T15:04:49+00:00", "revision_history": [ { "date": "2024-07-25T15:04:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-07-25T15:04:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T15:09:18+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat build of Apicurio Registry 2.6.1 GA", "product": { "name": "Red Hat build of Apicurio Registry 2.6.1 GA", "product_id": "Red Hat build of Apicurio Registry 2.6.1 GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:apicurio_registry:2.6" } } } ], "category": "product_family", "name": "Red Hat Integration" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-51775", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266921" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource-intensive. However, if an attacker sets the p2c parameter in JWE to a large number, it can cause high computational consumption, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "jose4j: denial of service via specially crafted JWE", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in the jose4j library, where the \"p2c\" parameter in PBKDF2-based JWE key management algorithms can be manipulated to induce high computational consumption, is classified as moderate severity due to its potential impact on service availability and resource exhaustion. By setting a large value for \"p2c\", an attacker can force the server to perform an excessive number of PBKDF2 iterations during key derivation. This results in increased CPU and memory usage, potentially leading to degraded performance or temporary denial of service.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-51775" }, { "category": "external", "summary": "RHBZ#2266921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266921" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-51775", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775" } ], "release_date": "2024-02-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T15:04:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jose4j: denial of service via specially crafted JWE" }, { "cve": "CVE-2024-2700", "cwe": { "id": "CWE-526", "name": "Cleartext Storage of Sensitive Information in an Environment Variable" }, "discovery_date": "2024-04-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2273281" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application\u0027s build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.", "title": "Vulnerability description" }, { "category": "summary", "text": "quarkus-core: Leak of local configuration properties into Quarkus applications", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this as a Moderate impact vulnerability since this requires an attacker to have direct access to the environment variables to override, and the application must use that environment variable to be jeopardized.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-2700" }, { "category": "external", "summary": "RHBZ#2273281", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2700", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2700" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2700", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2700" } ], "release_date": "2024-04-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T15:04:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability. Please update as the patches become available.", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "quarkus-core: Leak of local configuration properties into Quarkus applications" }, { "cve": "CVE-2024-22201", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266136" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: stop accepting new connections from valid clients", "title": "Vulnerability summary" }, { "category": "other", "text": "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-22201" }, { "category": "external", "summary": "RHBZ#2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/issues/11256", "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" } ], "release_date": "2024-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T15:04:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: stop accepting new connections from valid clients" }, { "cve": "CVE-2024-29041", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2024-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2290901" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: cause malformed URLs to be evaluated", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29041" }, { "category": "external", "summary": "RHBZ#2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041" }, { "category": "external", "summary": "https://expressjs.com/en/4x/api.html#res.location", "url": "https://expressjs.com/en/4x/api.html#res.location" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "category": "external", "summary": "https://github.com/expressjs/express/pull/5539", "url": "https://github.com/expressjs/express/pull/5539" }, { "category": "external", "summary": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "category": "external", "summary": "https://github.com/koajs/koa/issues/1800", "url": "https://github.com/koajs/koa/issues/1800" } ], "release_date": "2024-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T15:04:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "express: cause malformed URLs to be evaluated" }, { "cve": "CVE-2024-29180", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270863" } ], "notes": [ { "category": "description", "text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", "title": "Vulnerability description" }, { "category": "summary", "text": "webpack-dev-middleware: lack of URL validation may lead to file leak", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29180" }, { "category": "external", "summary": "RHBZ#2270863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180" }, { "category": "external", "summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", "url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6" } ], "release_date": "2024-03-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T15:04:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "webpack-dev-middleware: lack of URL validation may lead to file leak" } ] }
rhsa-2024_4884
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat build of Apache Camel 4.4.1 for Spring Boot release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat build of Apache Camel 4.4.1 for Spring Boot release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket (CVE-2024-5971)\n\n* pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)\n\n* vert.x: io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)\n\n* vertx-core: io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI supportd (CVE-2024-1300)\n\n* undertow: url-encoded request path information can be broken on ajp-listener (CVE-2024-6162)\n\n* jetty: stop accepting new connections from valid clients (CVE-2024-22201)\n\n* threetenbp: null pointer exception (CVE-2024-23081)\n\n* org.bouncycastle:bcprov-jdk18on: org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service (CVE-2024-29857)\n\n* org.bouncycastle-bcprov-jdk18on: bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack) (CVE-2024-30171)\n\n* org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class (CVE-2024-30172)\n\n* mvel: TimeOut error when calling ParseTools.subCompileExpression() function (CVE-2023-51079)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:4884", "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2256065", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256065" }, { "category": "external", "summary": "2260840", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840" }, { "category": "external", "summary": "2263139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139" }, { "category": "external", "summary": "2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "2266523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266523" }, { "category": "external", "summary": "2274197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274197" }, { "category": "external", "summary": "2276360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276360" }, { "category": "external", "summary": "2292211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292211" }, { "category": "external", "summary": "2293025", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293025" }, { "category": "external", "summary": "2293028", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293028" }, { "category": "external", "summary": "2293069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293069" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4884.json" } ], "title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.1 for Spring Boot security update.", "tracking": { "current_release_date": "2024-11-06T15:09:28+00:00", "generator": { "date": "2024-11-06T15:09:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:4884", "initial_release_date": "2024-07-25T19:26:07+00:00", "revision_history": [ { "date": "2024-07-25T19:26:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-07-25T19:26:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T15:09:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "product": { "name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "product_id": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "product_identification_helper": { "cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.4.1" } } } ], "category": "product_family", "name": "Red Hat Build of Apache Camel" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-51079", "discovery_date": "2023-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2256065" } ], "notes": [ { "category": "description", "text": "[DISPUTED] A vulnerability was found in the ParseTools.subCompileExpression() method in the Mvel package. This vulnerability manifests as a TimeOut error, and may allow an attacker to leverage the TimeOut error to disrupt the normal functioning of the system or application, potentially leading to undesired outcomes or disruptions.", "title": "Vulnerability description" }, { "category": "summary", "text": "mvel: TimeOut error when calling ParseTools.subCompileExpression() function", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is disputed because the only anticipated outcome is that the parser will take an exceptionally long time to complete its task.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-51079" }, { "category": "external", "summary": "RHBZ#2256065", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256065" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-51079", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51079" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-51079", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51079" }, { "category": "external", "summary": "https://github.com/mvel/mvel/issues/348", "url": "https://github.com/mvel/mvel/issues/348" } ], "release_date": "2023-12-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mvel: TimeOut error when calling ParseTools.subCompileExpression() function" }, { "cve": "CVE-2024-1023", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2024-01-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260840" } ], "notes": [ { "category": "description", "text": "A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1023" }, { "category": "external", "summary": "RHBZ#2260840", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1023", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023" }, { "category": "external", "summary": "https://github.com/eclipse-vertx/vert.x/issues/5078", "url": "https://github.com/eclipse-vertx/vert.x/issues/5078" }, { "category": "external", "summary": "https://github.com/eclipse-vertx/vert.x/pull/5080", "url": "https://github.com/eclipse-vertx/vert.x/pull/5080" }, { "category": "external", "summary": "https://github.com/eclipse-vertx/vert.x/pull/5082", "url": "https://github.com/eclipse-vertx/vert.x/pull/5082" } ], "release_date": "2024-01-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx" }, { "cve": "CVE-2024-1300", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2263139" } ], "notes": [ { "category": "description", "text": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.", "title": "Vulnerability description" }, { "category": "summary", "text": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support", "title": "Vulnerability summary" }, { "category": "other", "text": "This affects only TLS servers with SNI enabled.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1300" }, { "category": "external", "summary": "RHBZ#2263139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1300", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1300" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300" }, { "category": "external", "summary": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.", "url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni." } ], "release_date": "2024-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support" }, { "cve": "CVE-2024-1597", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2024-02-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266523" } ], "notes": [ { "category": "description", "text": "A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value.", "title": "Vulnerability description" }, { "category": "summary", "text": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", "title": "Vulnerability summary" }, { "category": "other", "text": "The PostgreSQL JDBC Driver is not affected in the default query mode. Users that do not override the query mode are not impacted.\n\nThe described SQL injection vulnerability, while significant, is categorized as important rather than critical due to several factors. Firstly, the exploitation relies on specific conditions, including the use of a non-default query mode (preferQueryMode=simple) and the precise arrangement of user-controlled parameters within the SQL query. This limits the potential attack surface and reduces the likelihood of widespread exploitation across systems. Additionally, the vulnerability does not pose an immediate and severe risk of system compromise or data breach; rather, it enables attackers to manipulate SQL queries and potentially execute arbitrary commands within the context of the application\u0027s database. Furthermore, the vulnerability can be effectively mitigated by applying the provided patch or by avoiding the use of the vulnerable query mode, thus reducing the risk of exploitation.\n\nRed Hat Satellite ships a PostgreSQL JDBC Driver which embeds into Candlepin. However, Candlepin doesn\u0027t directly utilize the PostgreSQL JDBC Driver and doesn\u0027t set PreferQueryMode. Therefore, although the affected component is shipped, the product impact is considered Low. This issue may be addressed in a future Satellite release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1597" }, { "category": "external", "summary": "RHBZ#2266523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266523" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1597", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1597" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1597", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1597" }, { "category": "external", "summary": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56", "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56" }, { "category": "external", "summary": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/", "url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/" }, { "category": "external", "summary": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/", "url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/" } ], "release_date": "2024-02-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "workaround", "details": "Do not use the connection propertypreferQueryMode=simple. If you do not explicitly specify a query mode, then you are using the default of extended and are not impacted by this issue.", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE" }, { "cve": "CVE-2024-5971", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2024-06-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2292211" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\\r\\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket", "title": "Vulnerability summary" }, { "category": "other", "text": "The identified vulnerability in Undertow, where chunked responses fail to terminate properly under Java 17 with TLSv1.3, represents a significant security concern due to its potential for uncontrolled resource consumption and denial of service (DoS) attacks. This issue arises from Undertow\u0027s mishandling of chunked response termination after initial data flushing, leading to clients waiting indefinitely for completion signals that are not sent. Such behavior could be exploited by malicious actors to exhaust server resources, resulting in service degradation or unavailability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-5971" }, { "category": "external", "summary": "RHBZ#2292211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292211" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-5971", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5971" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-5971", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5971" } ], "release_date": "2024-07-08T20:46:55+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket" }, { "cve": "CVE-2024-6162", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2293069" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as \"404 Not Found\" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: url-encoded request path information can be broken on ajp-listener", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is classified as moderate severity rather than important because it specifically affects URL-encoded request paths under concurrent access conditions, primarily through the AJP listener. While it can lead to 404 errors or application failures, it does not inherently compromise data integrity, security, or lead to direct unauthorized access. The impact is limited to incorrect handling of certain URL-encoded paths, which means it primarily disrupts access to static or encoded resources rather than posing a broader risk to the system\u2019s overall security or functionality.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-6162" }, { "category": "external", "summary": "RHBZ#2293069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293069" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6162", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6162" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6162", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6162" }, { "category": "external", "summary": "https://issues.redhat.com/browse/JBEAP-26268", "url": "https://issues.redhat.com/browse/JBEAP-26268" } ], "release_date": "2024-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "workaround", "details": "To mitigate this issue, you can either switch to a different listener like the http-listener, or adjust the AJP listener configuration. By setting decode-url=\"false\" on the AJP listener and configuring a separate URL decoding filter, you can prevent the path decoding errors. This adjustment ensures that each request is processed correctly without interference from concurrent requests.", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: url-encoded request path information can be broken on ajp-listener" }, { "cve": "CVE-2024-22201", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266136" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: stop accepting new connections from valid clients", "title": "Vulnerability summary" }, { "category": "other", "text": "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-22201" }, { "category": "external", "summary": "RHBZ#2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/issues/11256", "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" } ], "release_date": "2024-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: stop accepting new connections from valid clients" }, { "cve": "CVE-2024-23081", "cwe": { "id": "CWE-754", "name": "Improper Check for Unusual or Exceptional Conditions" }, "discovery_date": "2024-04-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2274197" } ], "notes": [ { "category": "description", "text": "A null pointer exception vulnerability was found in Threeten Backport. If the other parameter is null in ChronoLocalDate, a NullPointerException is thrown.", "title": "Vulnerability description" }, { "category": "summary", "text": "threetenbp: null pointer exception", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23081" }, { "category": "external", "summary": "RHBZ#2274197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274197" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23081", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23081" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23081", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23081" }, { "category": "external", "summary": "https://gist.github.com/LLM4IG/3cc9183dcd887020368a0bafeafec5e3", "url": "https://gist.github.com/LLM4IG/3cc9183dcd887020368a0bafeafec5e3" }, { "category": "external", "summary": "https://github.com/ThreeTen/threetenbp/blob/adcdbc462b4e93e68e6f9c9a82217d0478b7d635/src/site/markdown/security.md?plain=1#L17", "url": "https://github.com/ThreeTen/threetenbp/blob/adcdbc462b4e93e68e6f9c9a82217d0478b7d635/src/site/markdown/security.md?plain=1#L17" }, { "category": "external", "summary": "https://github.com/ThreeTen/threetenbp/blob/main/src/main/java/org/threeten/bp/LocalDate.java#L1671", "url": "https://github.com/ThreeTen/threetenbp/blob/main/src/main/java/org/threeten/bp/LocalDate.java#L1671" } ], "release_date": "2024-04-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "threetenbp: null pointer exception" }, { "cve": "CVE-2024-29857", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2024-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2293028" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Bouncy Castle. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java). Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.", "title": "Vulnerability description" }, { "category": "summary", "text": "org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29857" }, { "category": "external", "summary": "RHBZ#2293028", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293028" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29857", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29857" } ], "release_date": "2024-06-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service" }, { "acknowledgments": [ { "names": [ "Hubert Kario" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2024-30171", "cwe": { "id": "CWE-208", "name": "Observable Timing Discrepancy" }, "discovery_date": "2024-04-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2276360" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS#1 1.5 and OAEP decryption process (a.k.a. Marvin Attack). An attacker can recover cipher-texts via a side-channel attack by exploiting the Marvin security flaw. The PKCS#1 1.5 attack vector leaks data via javax.crypto.Cipher exceptions and the OAEP interface vector leaks via the bit size of the decrypted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-30171" }, { "category": "external", "summary": "RHBZ#2276360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276360" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-30171", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30171" }, { "category": "external", "summary": "https://people.redhat.com/~hkario/marvin/", "url": "https://people.redhat.com/~hkario/marvin/" } ], "release_date": "2024-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)" }, { "cve": "CVE-2024-30172", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2293025" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to an Infinite loop issue in ED25519 verification in the ScalarUtil class. This flaw allows an attacker to send a malicious signature and public key to trigger a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-30172" }, { "category": "external", "summary": "RHBZ#2293025", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293025" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-30172", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30172" }, { "category": "external", "summary": "https://www.bouncycastle.org/latest_releases.html", "url": "https://www.bouncycastle.org/latest_releases.html" } ], "release_date": "2024-05-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class" } ] }
rhsa-2024_3635
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs.\n\nSecurity fixes:\n\n* jenkins-2-plugins: Git-server plugin has an arbitrary file read vulnerability (CVE-2024-23899)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via crafted constructor bodies (CVE-2024-34144)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined classes (CVE-2024-34145)\n\n* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization (CVE-2024-28149)\n\n* Jetty: Stops accepting new connections from valid clients (CVE-2024-22201)\n\n* SSH: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)\n\n* golang-protobuf: Unmarshaling certain forms of invalid JSON in the protojson.Unmarshal function causes an infinite loop in the encoding/protojson and internal/encoding/json packages of Golang-protobuf (CVE-2024-24786)\n\n* jenkins-2-plugins: Matrix-project plugin has a path traversal vulnerability (CVE-2024-23900)\n\nFor more details about these security issues, including their impact, CVSS scores, acknowledgments, and other related information, refer to the CVE page listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:3635", "url": "https://access.redhat.com/errata/RHSA-2024:3635" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183" }, { "category": "external", "summary": "2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184" }, { "category": "external", "summary": "2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "2268227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268227" }, { "category": "external", "summary": "2278820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278820" }, { "category": "external", "summary": "2278821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278821" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3635.json" } ], "title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update", "tracking": { "current_release_date": "2024-11-06T22:08:34+00:00", "generator": { "date": "2024-11-06T22:08:34+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:3635", "initial_release_date": "2024-06-05T14:47:22+00:00", "revision_history": [ { "date": "2024-06-05T14:47:22+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-06-05T14:47:22+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T22:08:34+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.12", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.440.3.1716445200-3.el8.src", "product": { "name": "jenkins-0:2.440.3.1716445200-3.el8.src", "product_id": "jenkins-0:2.440.3.1716445200-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.440.3.1716445200-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", "product_id": "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1716445211-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.440.3.1716445200-3.el8.noarch", "product": { "name": "jenkins-0:2.440.3.1716445200-3.el8.noarch", "product_id": "jenkins-0:2.440.3.1716445200-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.440.3.1716445200-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1716445211-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.440.3.1716445200-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch" }, "product_reference": "jenkins-0:2.440.3.1716445200-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.440.3.1716445200-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src" }, "product_reference": "jenkins-0:2.440.3.1716445200-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.12.1716445211-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.12.1716445211-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.12" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3635" }, { "category": "workaround", "details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "cve": "CVE-2024-22201", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266136" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: stop accepting new connections from valid clients", "title": "Vulnerability summary" }, { "category": "other", "text": "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-22201" }, { "category": "external", "summary": "RHBZ#2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/issues/11256", "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" } ], "release_date": "2024-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3635" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: stop accepting new connections from valid clients" }, { "cve": "CVE-2024-23899", "cwe": { "id": "CWE-88", "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)" }, "discovery_date": "2024-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260183" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server\u0027s file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23899" }, { "category": "external", "summary": "RHBZ#2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23899", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23899" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23899" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3635" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability" }, { "cve": "CVE-2024-23900", "cwe": { "id": "CWE-23", "name": "Relative Path Traversal" }, "discovery_date": "2024-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260184" } ], "notes": [ { "category": "description", "text": "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23900" }, { "category": "external", "summary": "RHBZ#2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23900", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23900" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3635" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability" }, { "cve": "CVE-2024-24786", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268046" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24786" }, { "category": "external", "summary": "RHBZ#2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786" }, { "category": "external", "summary": "https://go.dev/cl/569356", "url": "https://go.dev/cl/569356" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", "url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2611", "url": "https://pkg.go.dev/vuln/GO-2024-2611" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3635" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON" }, { "cve": "CVE-2024-28149", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268227" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28149" }, { "category": "external", "summary": "RHBZ#2268227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268227" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28149", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28149" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", "url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301" } ], "release_date": "2024-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3635" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin" }, { "cve": "CVE-2024-34144", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2278820" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via \u0027this\u0027 are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34144" }, { "category": "external", "summary": "RHBZ#2278820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278820" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34144", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34144" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34144" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" } ], "release_date": "2024-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3635" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies" }, { "cve": "CVE-2024-34145", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2278821" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via \u0027this\u0027 are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34145" }, { "category": "external", "summary": "RHBZ#2278821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278821" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34145", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34145" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" } ], "release_date": "2024-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:47:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3635" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.440.3.1716445200-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1716445211-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes" } ] }
rhsa-2024_3636
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors the execution of\nrecurring jobs, such as software builds or cron jobs.\n\nSecurity fixes:\n\n* jenkins-2-plugins: Git-server plugin has an arbitrary file read\nvulnerability (CVE-2024-23899)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via crafted\nconstructor bodies (CVE-2024-34144)\n\n* jenkins-plugin/script-security: Sandbox bypass occurs via sandbox-defined\nclasses (CVE-2024-34145)\n\n* jenkins-2-plugins: HTML Publisher plugin has improper input sanitization\n(CVE-2024-28149)\n\n* jetty: Stops accepting new connections from valid clients\n(CVE-2024-22201)\n\n* SSH: Prefix truncation attack on Binary Packet Protocol (BPP)\n(CVE-2023-48795)\n\n* golang-protobuf: Unmarshaling certain forms of invalid JSON in the\nprotojson.Unmarshal function causes an infinite loop in the\nencoding/protojson and internal/encoding/json packages of Golang-protobuf\n(CVE-2024-24786).\n\n* jenkins-2-plugins: Matrix-project plugin has a path traversal\nvulnerability (CVE-2024-23900)\n\nFor more details about these security issues, including their impact, CVSS\nscores, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:3636", "url": "https://access.redhat.com/errata/RHSA-2024:3636" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183" }, { "category": "external", "summary": "2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184" }, { "category": "external", "summary": "2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "2268227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268227" }, { "category": "external", "summary": "2278820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278820" }, { "category": "external", "summary": "2278821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278821" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3636.json" } ], "title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update", "tracking": { "current_release_date": "2024-11-06T22:08:45+00:00", "generator": { "date": "2024-11-06T22:08:45+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:3636", "initial_release_date": "2024-06-05T14:46:12+00:00", "revision_history": [ { "date": "2024-06-05T14:46:12+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-06-05T14:46:12+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T22:08:45+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.13", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.440.3.1716445150-3.el8.src", "product": { "name": "jenkins-0:2.440.3.1716445150-3.el8.src", "product_id": "jenkins-0:2.440.3.1716445150-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.440.3.1716445150-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", "product_id": "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1716445207-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.440.3.1716445150-3.el8.noarch", "product": { "name": "jenkins-0:2.440.3.1716445150-3.el8.noarch", "product_id": "jenkins-0:2.440.3.1716445150-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.440.3.1716445150-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1716445207-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.440.3.1716445150-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch" }, "product_reference": "jenkins-0:2.440.3.1716445150-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.440.3.1716445150-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src" }, "product_reference": "jenkins-0:2.440.3.1716445150-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.13.1716445207-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.13.1716445207-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.13" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:46:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3636" }, { "category": "workaround", "details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "cve": "CVE-2024-22201", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266136" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: stop accepting new connections from valid clients", "title": "Vulnerability summary" }, { "category": "other", "text": "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-22201" }, { "category": "external", "summary": "RHBZ#2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/issues/11256", "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" } ], "release_date": "2024-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:46:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3636" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: stop accepting new connections from valid clients" }, { "cve": "CVE-2024-23899", "cwe": { "id": "CWE-88", "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)" }, "discovery_date": "2024-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260183" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Git Server Plugin for Jenkins. This issue could allow an attacker to read the first two lines of arbitrary files on the server\u0027s file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23899" }, { "category": "external", "summary": "RHBZ#2260183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260183" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23899", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23899" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23899", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23899" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:46:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3636" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins: git-server plugin arbitrary file read vulnerability" }, { "cve": "CVE-2024-23900", "cwe": { "id": "CWE-23", "name": "Relative Path Traversal" }, "discovery_date": "2024-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260184" } ], "notes": [ { "category": "description", "text": "A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system with content not controllable by the attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23900" }, { "category": "external", "summary": "RHBZ#2260184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260184" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23900", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23900" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:46:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3636" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins: matrix-project plugin path traversal vulnerability" }, { "cve": "CVE-2024-24786", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268046" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24786" }, { "category": "external", "summary": "RHBZ#2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786" }, { "category": "external", "summary": "https://go.dev/cl/569356", "url": "https://go.dev/cl/569356" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", "url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2611", "url": "https://pkg.go.dev/vuln/GO-2024-2611" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:46:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3636" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON" }, { "cve": "CVE-2024-28149", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268227" } ], "notes": [ { "category": "description", "text": "A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS) attacks and determine whether a path on the Jenkins controller file system exists, without being able to access it.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "HTML Publisher Plugin 1.32.1 removes support for reports created before HTML Publisher Plugin 1.15. Those reports are retained on the disk, but may no longer be accessible through the Jenkins UI.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28149" }, { "category": "external", "summary": "RHBZ#2268227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268227" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28149", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28149" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301", "url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301" } ], "release_date": "2024-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:46:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3636" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin" }, { "cve": "CVE-2024-34144", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2278820" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via \u0027this\u0027 are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34144" }, { "category": "external", "summary": "RHBZ#2278820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278820" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34144", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34144" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34144", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34144" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" } ], "release_date": "2024-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:46:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3636" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies" }, { "cve": "CVE-2024-34145", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-05-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2278821" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. This flaw allows authenticated attackers to define and execute sandboxed scripts, including Pipelines, bypassing sandbox protection mechanisms and executing arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe Script Security Plugin features a sandbox functionality designed to enable users with limited privileges to create scripts, including Pipelines, which are generally safe for execution. This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted.\r\n\r\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include:\r\n\r\n- Exploiting crafted constructor bodies that trigger other constructors, thereby allowing the construction of any subclassable type through implicit casts.\r\n- Utilizing Groovy classes defined within the sandbox that overshadow certain non-sandboxed classes, facilitating the creation of any subclassable type.\r\n\r\nThese vulnerabilities enable attackers, who have the permission to create and execute sandboxed scripts including Pipelines, to circumvent sandbox protections and execute arbitrary code within the context of the Jenkins controller JVM.\r\n\r\nThe fixed version of this script incorporates enhanced restrictions and sanity checks. These improvements ensure that calls to super constructors are intercepted by the sandbox, including:\r\n\r\n- Ensuring that calls to other constructors via \u0027this\u0027 are now appropriately managed within the sandbox.\r\n- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a process being able to access resources outside an assigned sandbox.\n\nThe vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. These vulnerabilities include exploiting specially crafted constructor bodies, utilizing certain groovy classes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34145" }, { "category": "external", "summary": "RHBZ#2278821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278821" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34145", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34145" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34145" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/05/02/3", "url": "http://www.openwall.com/lists/oss-security/2024/05/02/3" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341", "url": "https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341" } ], "release_date": "2024-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-05T14:46:12+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3636" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.440.3.1716445150-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1716445207-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes" } ] }
ghsa-rggv-cv7r-mw98
Vulnerability from github
Impact
If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection.
This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle.
An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.
The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers.
Patches
Patched versions: * 9.4.54 * 10.0.20 * 11.0.20 * 12.0.6
Workarounds
Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty. HTTP/1.x is not affected.
References
- https://github.com/jetty/jetty.project/issues/11256.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 9.4.53" }, "package": { "ecosystem": "Maven", "name": "org.eclipse.jetty.http2:http2-common" }, "ranges": [ { "events": [ { "introduced": "9.3.0" }, { "fixed": "9.4.54" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 10.0.19" }, "package": { "ecosystem": "Maven", "name": "org.eclipse.jetty.http2:http2-common" }, "ranges": [ { "events": [ { "introduced": "10.0.0" }, { "fixed": "10.0.20" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 10.0.19" }, "package": { "ecosystem": "Maven", "name": "org.eclipse.jetty.http3:http3-common" }, "ranges": [ { "events": [ { "introduced": "10.0.8" }, { "fixed": "10.0.20" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 11.0.19" }, "package": { "ecosystem": "Maven", "name": "org.eclipse.jetty.http2:http2-common" }, "ranges": [ { "events": [ { "introduced": "11.0.0" }, { "fixed": "11.0.20" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 11.0.19" }, "package": { "ecosystem": "Maven", "name": "org.eclipse.jetty.http3:http3-common" }, "ranges": [ { "events": [ { "introduced": "11.0.8" }, { "fixed": "11.0.20" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 12.0.5" }, "package": { "ecosystem": "Maven", "name": "org.eclipse.jetty.http2:jetty-http2-common" }, "ranges": [ { "events": [ { "introduced": "12.0.0" }, { "fixed": "12.0.6" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 12.0.5" }, "package": { "ecosystem": "Maven", "name": "org.eclipse.jetty.http3:jetty-http3-common" }, "ranges": [ { "events": [ { "introduced": "12.0.0" }, { "fixed": "12.0.6" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-22201" ], "database_specific": { "cwe_ids": [ "CWE-400" ], "github_reviewed": true, "github_reviewed_at": "2024-02-26T20:13:46Z", "nvd_published_at": "2024-02-26T16:27:56Z", "severity": "HIGH" }, "details": "### Impact\nIf an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written.\nHowever it is not written because the connection is TCP congested.\nWhen another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection.\n\nThis leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle.\n\nAn attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.\n\nThe client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers.\n\n### Patches\nPatched versions:\n* 9.4.54\n* 10.0.20\n* 11.0.20\n* 12.0.6\n\n### Workarounds\nDisable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty.\nHTTP/1.x is not affected.\n\n### References\n* https://github.com/jetty/jetty.project/issues/11256.\n", "id": "GHSA-rggv-cv7r-mw98", "modified": "2024-05-02T18:38:17Z", "published": "2024-02-26T20:13:46Z", "references": [ { "type": "WEB", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201" }, { "type": "WEB", "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "type": "WEB", "url": "https://github.com/jetty/jetty.project/issues/11259" }, { "type": "WEB", "url": "https://github.com/jetty/jetty.project/commit/0839a208cdc3fcfe25206a77af59ba9fda260188" }, { "type": "WEB", "url": "https://github.com/jetty/jetty.project/commit/b953871c9a5ff4fbca4a2499848f75182dbd9810" }, { "type": "PACKAGE", "url": "https://github.com/jetty/jetty.project" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20240329-0001" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2024/03/20/2" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "Connection leaking on idle timeout when TCP congested" }
gsd-2024-22201
Vulnerability from gsd
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-22201" ], "details": "Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.\n\n", "id": "GSD-2024-22201", "modified": "2024-01-08T06:02:13.786738Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2024-22201", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "jetty.project", "version": { "version_data": [ { "version_affected": "=", "version_value": "\u003e= 9.3.0, \u003c= 9.4.53" }, { "version_affected": "=", "version_value": "\u003e= 10.0.0, \u003c= 10.0.19" }, { "version_affected": "=", "version_value": "\u003e= 11.0.0, \u003c= 11.0.19" }, { "version_affected": "=", "version_value": "\u003e= 12.0.0, \u003c= 12.0.5" } ] } } ] }, "vendor_name": "jetty" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.\n\n" } ] }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-400", "lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", "refsource": "MISC", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" }, { "name": "https://github.com/jetty/jetty.project/issues/11256", "refsource": "MISC", "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "name": "https://security.netapp.com/advisory/ntap-20240329-0001/", "refsource": "MISC", "url": "https://security.netapp.com/advisory/ntap-20240329-0001/" }, { "name": "https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html", "refsource": "MISC", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html" } ] }, "source": { "advisory": "GHSA-rggv-cv7r-mw98", "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "cve": { "descriptions": [ { "lang": "en", "value": "Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.\n\n" }, { "lang": "es", "value": "Jetty es un servidor web y motor de servlet basado en Java. Una conexi\u00f3n SSL HTTP/2 que est\u00e9 establecida y TCP congestionada se filtrar\u00e1 cuando expire el tiempo de espera. Un atacante puede provocar que muchas conexiones terminen en este estado y que el servidor se quede sin descriptores de archivos, lo que eventualmente provocar\u00e1 que el servidor deje de aceptar nuevas conexiones de clientes v\u00e1lidos. La vulnerabilidad est\u00e1 parcheada en 9.4.54, 10.0.20, 11.0.20 y 12.0.6." } ], "id": "CVE-2024-22201", "lastModified": "2024-04-06T22:15:07.670", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" } ] }, "published": "2024-02-26T16:27:56.343", "references": [ { "source": "security-advisories@github.com", "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "source": "security-advisories@github.com", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" }, { "source": "security-advisories@github.com", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html" }, { "source": "security-advisories@github.com", "url": "https://security.netapp.com/advisory/ntap-20240329-0001/" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "security-advisories@github.com", "type": "Secondary" } ] } } } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.