Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-22371 (GCVE-0-2024-22371)
Vulnerability from cvelistv5
Published
2024-02-26 09:22
Modified
2024-10-31 13:03
Severity ?
EPSS score ?
Summary
Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.
Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Camel |
Version: 3.21.x ≤ 3.21.3 Version: 3.22.x ≤ 3.22.0 Version: 4.0.x ≤ 4.0.3 Version: 4.x ≤ 4.3.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:43:34.525Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://camel.apache.org/security/CVE-2024-22371.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-22371", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-05T14:48:22.345763Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-922", description: "CWE-922 Insecure Storage of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-31T13:03:53.000Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Camel", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "1.6.0", status: "unaffected", version: "1.x", versionType: "semver", }, { lessThanOrEqual: "3.21.3", status: "affected", version: "3.21.x", versionType: "semver", }, { lessThanOrEqual: "3.22.0", status: "affected", version: "3.22.x", versionType: "semver", }, { lessThanOrEqual: "4.0.3", status: "affected", version: "4.0.x", versionType: "semver", }, { lessThanOrEqual: "4.3.0", status: "affected", version: "4.x", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Otavio Rodolfo Piske from the Apache Software Foundation", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.<p>This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.</p><p>Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.</p>", }, ], value: "Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.\n\nUsers are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "Low", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data.", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-26T09:22:38.384Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://camel.apache.org/security/CVE-2024-22371.html", }, ], source: { defect: [ "CAMEL-20305", ], discovery: "INTERNAL", }, title: "Apache Camel issue on ExchangeCreatedEvent", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-22371", datePublished: "2024-02-26T09:22:38.384Z", dateReserved: "2024-01-09T12:04:27.624Z", dateUpdated: "2024-10-31T13:03:53.000Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { descriptions: "[{\"lang\": \"en\", \"value\": \"Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.\\n\\nUsers are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Exposici\\u00f3n de datos confidenciales mediante la creaci\\u00f3n de un EventFactory malicioso y proporcionando un ExchangeCreatedEvent personalizado que expone datos confidenciales. Vulnerabilidad en Apache Camel. Este problema afecta a Apache Camel: desde 3.21.X hasta 3.21.3, desde 3.22.X hasta 3.22.0, desde 4.0.X hasta 4.0.3, desde 4.X hasta 4.3.0. Se recomienda a los usuarios actualizar a la versi\\u00f3n 3.21.4, 3.22.1, 4.0.4 o 4.4.0, que soluciona el problema.\"}]", id: "CVE-2024-22371", lastModified: "2024-11-21T08:56:08.540", metrics: "{\"cvssMetricV31\": [{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 2.9, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.4, \"impactScore\": 1.4}]}", published: "2024-02-26T16:27:56.557", references: "[{\"url\": \"https://camel.apache.org/security/CVE-2024-22371.html\", \"source\": \"security@apache.org\"}, {\"url\": \"https://camel.apache.org/security/CVE-2024-22371.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", sourceIdentifier: "security@apache.org", vulnStatus: "Awaiting Analysis", weaknesses: "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-922\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2024-22371\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-02-26T16:27:56.557\",\"lastModified\":\"2024-11-21T08:56:08.540\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.\\n\\nUsers are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Exposición de datos confidenciales mediante la creación de un EventFactory malicioso y proporcionando un ExchangeCreatedEvent personalizado que expone datos confidenciales. Vulnerabilidad en Apache Camel. Este problema afecta a Apache Camel: desde 3.21.X hasta 3.21.3, desde 3.22.X hasta 3.22.0, desde 4.0.X hasta 4.0.3, desde 4.X hasta 4.3.0. Se recomienda a los usuarios actualizar a la versión 3.21.4, 3.22.1, 4.0.4 o 4.4.0, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":2.9,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.4,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-922\"}]}],\"references\":[{\"url\":\"https://camel.apache.org/security/CVE-2024-22371.html\",\"source\":\"security@apache.org\"},{\"url\":\"https://camel.apache.org/security/CVE-2024-22371.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://camel.apache.org/security/CVE-2024-22371.html\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:43:34.525Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-22371\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-05T14:48:22.345763Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-922\", \"description\": \"CWE-922 Insecure Storage of Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-05T15:10:21.153Z\"}}], \"cna\": {\"title\": \"Apache Camel issue on ExchangeCreatedEvent\", \"source\": {\"defect\": [\"CAMEL-20305\"], \"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Otavio Rodolfo Piske from the Apache Software Foundation\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 2.9, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"Low\"}]}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Camel\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.x\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.6.0\"}, {\"status\": \"affected\", \"version\": \"3.21.x\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.21.3\"}, {\"status\": \"affected\", \"version\": \"3.22.x\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.22.0\"}, {\"status\": \"affected\", \"version\": \"4.0.x\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.0.3\"}, {\"status\": \"affected\", \"version\": \"4.x\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.3.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://camel.apache.org/security/CVE-2024-22371.html\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.\\n\\nUsers are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.<p>This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.</p><p>Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.</p>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data.\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-02-26T09:22:38.384Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-22371\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-31T13:03:53.000Z\", \"dateReserved\": \"2024-01-09T12:04:27.624Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-02-26T09:22:38.384Z\", \"assignerShortName\": \"apache\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
ghsa-qpxm-689r-3849
Vulnerability from github
Published
2024-02-26 18:30
Modified
2024-10-31 16:57
Severity ?
Summary
Apache Camel data exposure vulnerability
Details
Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.0.0 through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.
Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.
{ affected: [ { package: { ecosystem: "Maven", name: "org.apache.camel:camel-core", }, ranges: [ { events: [ { introduced: "3.0.0", }, { fixed: "3.21.4", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Maven", name: "org.apache.camel:camel-core", }, ranges: [ { events: [ { introduced: "3.22.0", }, { fixed: "3.22.1", }, ], type: "ECOSYSTEM", }, ], versions: [ "3.22.0", ], }, { package: { ecosystem: "Maven", name: "org.apache.camel:camel-core", }, ranges: [ { events: [ { introduced: "4.0.0", }, { fixed: "4.0.4", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Maven", name: "org.apache.camel:camel-core", }, ranges: [ { events: [ { introduced: "4.1.0", }, { fixed: "4.4.0", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2024-22371", ], database_specific: { cwe_ids: [ "CWE-200", "CWE-922", ], github_reviewed: true, github_reviewed_at: "2024-02-26T21:30:37Z", nvd_published_at: "2024-02-26T16:27:56Z", severity: "LOW", }, details: "Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.0.0 through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.\n\nUsers are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.\n\n", id: "GHSA-qpxm-689r-3849", modified: "2024-10-31T16:57:20Z", published: "2024-02-26T18:30:30Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22371", }, { type: "WEB", url: "https://camel.apache.org/security/CVE-2024-22371.html", }, { type: "PACKAGE", url: "https://github.com/apache/camel", }, { type: "WEB", url: "https://issues.apache.org/jira/browse/CAMEL-20305", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", type: "CVSS_V3", }, ], summary: "Apache Camel data exposure vulnerability", }
RHSA-2024:4057
Vulnerability from csaf_redhat
Published
2024-06-24 01:38
Modified
2025-04-04 05:07
Summary
Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.33.0 security update & enhancements
Notes
Topic
Release of OpenShift Serverless Logic 1.33.0
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release includes security, bug fixes, and enhancements.
Security Fix(es):
* keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS (CVE-2024-1249)
* keycloak: XSS via assertion consumer service URL in SAML POST-binding flow (CVE-2023-6717)
* pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)
* camel-core: Exposure of sensitive data by crafting a malicious EventFactory (CVE-2024-22371)
* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)
* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)
* jose4j: denial of service via specially crafted JWE (CVE-2023-51775)
For more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Release of OpenShift Serverless Logic 1.33.0\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release includes security, bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS (CVE-2024-1249)\n\n* keycloak: XSS via assertion consumer service URL in SAML POST-binding flow (CVE-2023-6717)\n\n* pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)\n\n* camel-core: Exposure of sensitive data by crafting a malicious EventFactory (CVE-2024-22371)\n\n* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)\n\n* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)\n\n* jose4j: denial of service via specially crafted JWE (CVE-2023-51775)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4057", url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", url: "https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", }, { category: "external", summary: "2253952", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2253952", }, { category: "external", summary: "2262918", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262918", }, { category: "external", summary: "2264988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264988", }, { category: "external", summary: "2264989", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264989", }, { category: "external", summary: "2266024", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266024", }, { category: "external", summary: "2266523", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266523", }, { category: "external", summary: "2266921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266921", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4057.json", }, ], title: "Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.33.0 security update & enhancements", tracking: { current_release_date: "2025-04-04T05:07:12+00:00", generator: { date: "2025-04-04T05:07:12+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:4057", initial_release_date: "2024-06-24T01:38:27+00:00", revision_history: [ { date: "2024-06-24T01:38:27+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-24T01:38:27+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-04T05:07:12+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Serverless 1.33", product: { name: "Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_serverless:1.33::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Serverless", }, { branches: [ { category: "product_version", name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", product: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", product_id: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", product: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", product_id: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", product: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", product_id: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", product: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", product_id: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", product: { name: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", product_id: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", product: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", product_id: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator&tag=1.33.0-3", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", product: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", product_id: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", product: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", product_id: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8&tag=1.33.0-5", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", product: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", product_id: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", product_identification_helper: { purl: "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", product: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", product_id: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", product_identification_helper: { purl: "pkg:oci/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", product: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", product_id: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", product: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", product_id: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", product: { name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", product_id: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", product_identification_helper: { purl: "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", product: { name: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", product_id: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", product_identification_helper: { purl: "pkg:oci/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", product: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", product_id: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", product_identification_helper: { purl: "pkg:oci/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator&tag=1.33.0-3", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", product: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", product_id: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", product_identification_helper: { purl: "pkg:oci/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", product: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", product_id: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", product_identification_helper: { purl: "pkg:oci/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8&tag=1.33.0-5", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", product: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", product_id: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", product_identification_helper: { purl: "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", product: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", product_id: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", product_identification_helper: { purl: "pkg:oci/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", product: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", product_id: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", product: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", product_id: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", product: { name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", product_id: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", product_identification_helper: { purl: "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", product: { name: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", product_id: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", product_identification_helper: { purl: "pkg:oci/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", product: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", product_id: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", product_identification_helper: { purl: "pkg:oci/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator&tag=1.33.0-3", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", product: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", product_id: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", product_identification_helper: { purl: "pkg:oci/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", product: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", product_id: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", product_identification_helper: { purl: "pkg:oci/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8&tag=1.33.0-5", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", }, product_reference: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", }, product_reference: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", }, product_reference: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", }, product_reference: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", }, product_reference: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", }, product_reference: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", }, product_reference: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", }, product_reference: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", }, product_reference: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", }, product_reference: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", }, product_reference: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", }, product_reference: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", }, product_reference: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", }, product_reference: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", }, product_reference: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", }, product_reference: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", }, product_reference: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", }, product_reference: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", }, product_reference: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", }, product_reference: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", }, product_reference: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", }, product_reference: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", }, product_reference: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", }, product_reference: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", }, product_reference: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", }, product_reference: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, ], }, vulnerabilities: [ { cve: "CVE-2023-6717", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-12-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2253952", }, ], notes: [ { category: "description", text: "A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-6717", }, { category: "external", summary: "RHBZ#2253952", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2253952", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-6717", url: "https://www.cve.org/CVERecord?id=CVE-2023-6717", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-6717", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-6717", }, ], release_date: "2024-04-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow", }, { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266921", }, ], notes: [ { category: "description", text: "A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource-intensive. However, if an attacker sets the p2c parameter in JWE to a large number, it can cause high computational consumption, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jose4j: denial of service via specially crafted JWE", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in the jose4j library, where the \"p2c\" parameter in PBKDF2-based JWE key management algorithms can be manipulated to induce high computational consumption, is classified as moderate severity due to its potential impact on service availability and resource exhaustion. By setting a large value for \"p2c\", an attacker can force the server to perform an excessive number of PBKDF2 iterations during key derivation. This results in increased CPU and memory usage, potentially leading to degraded performance or temporary denial of service.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-51775", }, { category: "external", summary: "RHBZ#2266921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266921", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-51775", url: "https://www.cve.org/CVERecord?id=CVE-2023-51775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", }, ], release_date: "2024-02-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jose4j: denial of service via specially crafted JWE", }, { acknowledgments: [ { names: [ "Adriano Márcio Monteiro", ], }, ], cve: "CVE-2024-1249", cwe: { id: "CWE-346", name: "Origin Validation Error", }, discovery_date: "2024-02-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262918", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak's OIDC component in the \"checkLoginIframe,\" which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in Keycloak's OIDC component allowing unvalidated cross-origin messages in the \"checkLoginIframe\" function represents an important severity issue due to its potential to cause significant disruption and resource exhaustion. Exploitation of this flaw can lead to a Denial of Service (DoS) condition, where malicious actors can overwhelm the server with a high volume of requests, impacting availability for legitimate users. The absence of proper origin validation means attackers can exploit this weakness relatively easily, leveraging automated scripts to flood the server within seconds.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-1249", }, { category: "external", summary: "RHBZ#2262918", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262918", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-1249", url: "https://www.cve.org/CVERecord?id=CVE-2024-1249", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-1249", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-1249", }, ], release_date: "2024-04-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS", }, { cve: "CVE-2024-1597", cwe: { id: "CWE-89", name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", }, discovery_date: "2024-02-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266523", }, ], notes: [ { category: "description", text: "A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value.", title: "Vulnerability description", }, { category: "summary", text: "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", title: "Vulnerability summary", }, { category: "other", text: "The PostgreSQL JDBC Driver is not affected in the default query mode. Users that do not override the query mode are not impacted.\n\nThe described SQL injection vulnerability, while significant, is categorized as important rather than critical due to several factors. Firstly, the exploitation relies on specific conditions, including the use of a non-default query mode (preferQueryMode=simple) and the precise arrangement of user-controlled parameters within the SQL query. This limits the potential attack surface and reduces the likelihood of widespread exploitation across systems. Additionally, the vulnerability does not pose an immediate and severe risk of system compromise or data breach; rather, it enables attackers to manipulate SQL queries and potentially execute arbitrary commands within the context of the application's database. Furthermore, the vulnerability can be effectively mitigated by applying the provided patch or by avoiding the use of the vulnerable query mode, thus reducing the risk of exploitation.\n\nRed Hat Satellite ships a PostgreSQL JDBC Driver which embeds into Candlepin. However, Candlepin doesn't directly utilize the PostgreSQL JDBC Driver and doesn't set PreferQueryMode. Therefore, although the affected component is shipped, the product impact is considered Low. This issue may be addressed in a future Satellite release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-1597", }, { category: "external", summary: "RHBZ#2266523", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266523", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-1597", url: "https://www.cve.org/CVERecord?id=CVE-2024-1597", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-1597", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-1597", }, { category: "external", summary: "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56", url: "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56", }, { category: "external", summary: "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/", url: "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/", }, { category: "external", summary: "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/", url: "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/", }, ], release_date: "2024-02-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "Do not use the connection propertypreferQueryMode=simple. If you do not explicitly specify a query mode, then you are using the default of extended and are not impacted by this issue.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", }, { cve: "CVE-2024-22371", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266024", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Camel. This issue may allow an attacker to expose sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent.", title: "Vulnerability description", }, { category: "summary", text: "camel-core: Exposure of sensitive data by crafting a malicious EventFactory", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22371", }, { category: "external", summary: "RHBZ#2266024", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266024", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22371", url: "https://www.cve.org/CVERecord?id=CVE-2024-22371", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22371", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22371", }, { category: "external", summary: "https://camel.apache.org/security/CVE-2024-22371.html", url: "https://camel.apache.org/security/CVE-2024-22371.html", }, { category: "external", summary: "https://issues.apache.org/jira/browse/CAMEL-20305", url: "https://issues.apache.org/jira/browse/CAMEL-20305", }, ], release_date: "2024-02-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "camel-core: Exposure of sensitive data by crafting a malicious EventFactory", }, { cve: "CVE-2024-25710", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-02-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2264988", }, ], notes: [ { category: "description", text: "A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25710", }, { category: "external", summary: "RHBZ#2264988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264988", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25710", url: "https://www.cve.org/CVERecord?id=CVE-2024-25710", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25710", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25710", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/02/19/1", url: "http://www.openwall.com/lists/oss-security/2024/02/19/1", }, { category: "external", summary: "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf", url: "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf", }, ], release_date: "2024-02-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-02-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2264989", }, ], notes: [ { category: "description", text: "An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error.", title: "Vulnerability description", }, { category: "summary", text: "commons-compress: OutOfMemoryError unpacking broken Pack200 file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-26308", }, { category: "external", summary: "RHBZ#2264989", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264989", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-26308", url: "https://www.cve.org/CVERecord?id=CVE-2024-26308", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-26308", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-26308", }, { category: "external", summary: "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg", url: "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2024/02/19/2", url: "https://www.openwall.com/lists/oss-security/2024/02/19/2", }, ], release_date: "2024-02-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "commons-compress: OutOfMemoryError unpacking broken Pack200 file", }, ], }
rhsa-2024:4057
Vulnerability from csaf_redhat
Published
2024-06-24 01:38
Modified
2025-04-04 05:07
Summary
Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.33.0 security update & enhancements
Notes
Topic
Release of OpenShift Serverless Logic 1.33.0
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release includes security, bug fixes, and enhancements.
Security Fix(es):
* keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS (CVE-2024-1249)
* keycloak: XSS via assertion consumer service URL in SAML POST-binding flow (CVE-2023-6717)
* pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)
* camel-core: Exposure of sensitive data by crafting a malicious EventFactory (CVE-2024-22371)
* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)
* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)
* jose4j: denial of service via specially crafted JWE (CVE-2023-51775)
For more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Release of OpenShift Serverless Logic 1.33.0\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release includes security, bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS (CVE-2024-1249)\n\n* keycloak: XSS via assertion consumer service URL in SAML POST-binding flow (CVE-2023-6717)\n\n* pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)\n\n* camel-core: Exposure of sensitive data by crafting a malicious EventFactory (CVE-2024-22371)\n\n* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)\n\n* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)\n\n* jose4j: denial of service via specially crafted JWE (CVE-2023-51775)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4057", url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", url: "https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", }, { category: "external", summary: "2253952", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2253952", }, { category: "external", summary: "2262918", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262918", }, { category: "external", summary: "2264988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264988", }, { category: "external", summary: "2264989", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264989", }, { category: "external", summary: "2266024", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266024", }, { category: "external", summary: "2266523", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266523", }, { category: "external", summary: "2266921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266921", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4057.json", }, ], title: "Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.33.0 security update & enhancements", tracking: { current_release_date: "2025-04-04T05:07:12+00:00", generator: { date: "2025-04-04T05:07:12+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:4057", initial_release_date: "2024-06-24T01:38:27+00:00", revision_history: [ { date: "2024-06-24T01:38:27+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-24T01:38:27+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-04T05:07:12+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Serverless 1.33", product: { name: "Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_serverless:1.33::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Serverless", }, { branches: [ { category: "product_version", name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", product: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", product_id: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", product: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", product_id: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", product: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", product_id: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", product: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", product_id: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", product: { name: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", product_id: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", product: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", product_id: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator&tag=1.33.0-3", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", product: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", product_id: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", product: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", product_id: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8&tag=1.33.0-5", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", product: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", product_id: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", product_identification_helper: { purl: "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", product: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", product_id: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", product_identification_helper: { purl: "pkg:oci/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", product: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", product_id: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", product: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", product_id: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", product: { name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", product_id: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", product_identification_helper: { purl: "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", product: { name: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", product_id: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", product_identification_helper: { purl: "pkg:oci/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", product: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", product_id: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", product_identification_helper: { purl: "pkg:oci/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator&tag=1.33.0-3", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", product: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", product_id: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", product_identification_helper: { purl: "pkg:oci/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", product: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", product_id: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", product_identification_helper: { purl: "pkg:oci/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8&tag=1.33.0-5", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", product: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", product_id: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", product_identification_helper: { purl: "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", product: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", product_id: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", product_identification_helper: { purl: "pkg:oci/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", product: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", product_id: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", product: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", product_id: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", product: { name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", product_id: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", product_identification_helper: { purl: "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", product: { name: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", product_id: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", product_identification_helper: { purl: "pkg:oci/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", product: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", product_id: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", product_identification_helper: { purl: "pkg:oci/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator&tag=1.33.0-3", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", product: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", product_id: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", product_identification_helper: { purl: "pkg:oci/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", product: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", product_id: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", product_identification_helper: { purl: "pkg:oci/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8&tag=1.33.0-5", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", }, product_reference: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", }, product_reference: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", }, product_reference: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", }, product_reference: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", }, product_reference: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", }, product_reference: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", }, product_reference: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", }, product_reference: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", }, product_reference: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", }, product_reference: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", }, product_reference: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", }, product_reference: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", }, product_reference: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", }, product_reference: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", }, product_reference: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", }, product_reference: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", }, product_reference: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", }, product_reference: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", }, product_reference: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", }, product_reference: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", }, product_reference: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", }, product_reference: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", }, product_reference: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", }, product_reference: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", }, product_reference: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", }, product_reference: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, ], }, vulnerabilities: [ { cve: "CVE-2023-6717", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-12-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2253952", }, ], notes: [ { category: "description", text: "A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-6717", }, { category: "external", summary: "RHBZ#2253952", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2253952", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-6717", url: "https://www.cve.org/CVERecord?id=CVE-2023-6717", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-6717", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-6717", }, ], release_date: "2024-04-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow", }, { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266921", }, ], notes: [ { category: "description", text: "A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource-intensive. However, if an attacker sets the p2c parameter in JWE to a large number, it can cause high computational consumption, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jose4j: denial of service via specially crafted JWE", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in the jose4j library, where the \"p2c\" parameter in PBKDF2-based JWE key management algorithms can be manipulated to induce high computational consumption, is classified as moderate severity due to its potential impact on service availability and resource exhaustion. By setting a large value for \"p2c\", an attacker can force the server to perform an excessive number of PBKDF2 iterations during key derivation. This results in increased CPU and memory usage, potentially leading to degraded performance or temporary denial of service.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-51775", }, { category: "external", summary: "RHBZ#2266921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266921", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-51775", url: "https://www.cve.org/CVERecord?id=CVE-2023-51775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", }, ], release_date: "2024-02-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jose4j: denial of service via specially crafted JWE", }, { acknowledgments: [ { names: [ "Adriano Márcio Monteiro", ], }, ], cve: "CVE-2024-1249", cwe: { id: "CWE-346", name: "Origin Validation Error", }, discovery_date: "2024-02-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262918", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak's OIDC component in the \"checkLoginIframe,\" which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in Keycloak's OIDC component allowing unvalidated cross-origin messages in the \"checkLoginIframe\" function represents an important severity issue due to its potential to cause significant disruption and resource exhaustion. Exploitation of this flaw can lead to a Denial of Service (DoS) condition, where malicious actors can overwhelm the server with a high volume of requests, impacting availability for legitimate users. The absence of proper origin validation means attackers can exploit this weakness relatively easily, leveraging automated scripts to flood the server within seconds.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-1249", }, { category: "external", summary: "RHBZ#2262918", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262918", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-1249", url: "https://www.cve.org/CVERecord?id=CVE-2024-1249", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-1249", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-1249", }, ], release_date: "2024-04-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS", }, { cve: "CVE-2024-1597", cwe: { id: "CWE-89", name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", }, discovery_date: "2024-02-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266523", }, ], notes: [ { category: "description", text: "A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value.", title: "Vulnerability description", }, { category: "summary", text: "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", title: "Vulnerability summary", }, { category: "other", text: "The PostgreSQL JDBC Driver is not affected in the default query mode. Users that do not override the query mode are not impacted.\n\nThe described SQL injection vulnerability, while significant, is categorized as important rather than critical due to several factors. Firstly, the exploitation relies on specific conditions, including the use of a non-default query mode (preferQueryMode=simple) and the precise arrangement of user-controlled parameters within the SQL query. This limits the potential attack surface and reduces the likelihood of widespread exploitation across systems. Additionally, the vulnerability does not pose an immediate and severe risk of system compromise or data breach; rather, it enables attackers to manipulate SQL queries and potentially execute arbitrary commands within the context of the application's database. Furthermore, the vulnerability can be effectively mitigated by applying the provided patch or by avoiding the use of the vulnerable query mode, thus reducing the risk of exploitation.\n\nRed Hat Satellite ships a PostgreSQL JDBC Driver which embeds into Candlepin. However, Candlepin doesn't directly utilize the PostgreSQL JDBC Driver and doesn't set PreferQueryMode. Therefore, although the affected component is shipped, the product impact is considered Low. This issue may be addressed in a future Satellite release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-1597", }, { category: "external", summary: "RHBZ#2266523", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266523", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-1597", url: "https://www.cve.org/CVERecord?id=CVE-2024-1597", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-1597", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-1597", }, { category: "external", summary: "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56", url: "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56", }, { category: "external", summary: "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/", url: "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/", }, { category: "external", summary: "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/", url: "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/", }, ], release_date: "2024-02-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "Do not use the connection propertypreferQueryMode=simple. If you do not explicitly specify a query mode, then you are using the default of extended and are not impacted by this issue.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", }, { cve: "CVE-2024-22371", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266024", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Camel. This issue may allow an attacker to expose sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent.", title: "Vulnerability description", }, { category: "summary", text: "camel-core: Exposure of sensitive data by crafting a malicious EventFactory", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22371", }, { category: "external", summary: "RHBZ#2266024", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266024", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22371", url: "https://www.cve.org/CVERecord?id=CVE-2024-22371", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22371", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22371", }, { category: "external", summary: "https://camel.apache.org/security/CVE-2024-22371.html", url: "https://camel.apache.org/security/CVE-2024-22371.html", }, { category: "external", summary: "https://issues.apache.org/jira/browse/CAMEL-20305", url: "https://issues.apache.org/jira/browse/CAMEL-20305", }, ], release_date: "2024-02-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "camel-core: Exposure of sensitive data by crafting a malicious EventFactory", }, { cve: "CVE-2024-25710", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-02-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2264988", }, ], notes: [ { category: "description", text: "A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25710", }, { category: "external", summary: "RHBZ#2264988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264988", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25710", url: "https://www.cve.org/CVERecord?id=CVE-2024-25710", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25710", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25710", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/02/19/1", url: "http://www.openwall.com/lists/oss-security/2024/02/19/1", }, { category: "external", summary: "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf", url: "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf", }, ], release_date: "2024-02-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-02-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2264989", }, ], notes: [ { category: "description", text: "An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error.", title: "Vulnerability description", }, { category: "summary", text: "commons-compress: OutOfMemoryError unpacking broken Pack200 file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-26308", }, { category: "external", summary: "RHBZ#2264989", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264989", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-26308", url: "https://www.cve.org/CVERecord?id=CVE-2024-26308", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-26308", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-26308", }, { category: "external", summary: "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg", url: "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2024/02/19/2", url: "https://www.openwall.com/lists/oss-security/2024/02/19/2", }, ], release_date: "2024-02-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "commons-compress: OutOfMemoryError unpacking broken Pack200 file", }, ], }
rhsa-2024_4057
Vulnerability from csaf_redhat
Published
2024-06-24 01:38
Modified
2024-12-17 02:00
Summary
Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.33.0 security update & enhancements
Notes
Topic
Release of OpenShift Serverless Logic 1.33.0
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release includes security, bug fixes, and enhancements.
Security Fix(es):
* keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS (CVE-2024-1249)
* keycloak: XSS via assertion consumer service URL in SAML POST-binding flow (CVE-2023-6717)
* pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)
* camel-core: Exposure of sensitive data by crafting a malicious EventFactory (CVE-2024-22371)
* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)
* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)
* jose4j: denial of service via specially crafted JWE (CVE-2023-51775)
For more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Release of OpenShift Serverless Logic 1.33.0\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release includes security, bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS (CVE-2024-1249)\n\n* keycloak: XSS via assertion consumer service URL in SAML POST-binding flow (CVE-2023-6717)\n\n* pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)\n\n* camel-core: Exposure of sensitive data by crafting a malicious EventFactory (CVE-2024-22371)\n\n* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)\n\n* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)\n\n* jose4j: denial of service via specially crafted JWE (CVE-2023-51775)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4057", url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", url: "https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", }, { category: "external", summary: "2253952", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2253952", }, { category: "external", summary: "2262918", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262918", }, { category: "external", summary: "2264988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264988", }, { category: "external", summary: "2264989", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264989", }, { category: "external", summary: "2266024", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266024", }, { category: "external", summary: "2266523", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266523", }, { category: "external", summary: "2266921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266921", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4057.json", }, ], title: "Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.33.0 security update & enhancements", tracking: { current_release_date: "2024-12-17T02:00:37+00:00", generator: { date: "2024-12-17T02:00:37+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2024:4057", initial_release_date: "2024-06-24T01:38:27+00:00", revision_history: [ { date: "2024-06-24T01:38:27+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-24T01:38:27+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-17T02:00:37+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Serverless 1.33", product: { name: "Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_serverless:1.33::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Serverless", }, { branches: [ { category: "product_version", name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", product: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", product_id: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", product: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", product_id: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", product: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", product_id: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", product: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", product_id: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", product: { name: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", product_id: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", product: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", product_id: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator&tag=1.33.0-3", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", product: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", product_id: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", product: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", product_id: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", product_identification_helper: { purl: "pkg:oci/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0?arch=ppc64le&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8&tag=1.33.0-5", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", product: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", product_id: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", product_identification_helper: { purl: "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", product: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", product_id: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", product_identification_helper: { purl: "pkg:oci/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", product: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", product_id: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", product: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", product_id: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", product: { name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", product_id: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", product_identification_helper: { purl: "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", product: { name: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", product_id: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", product_identification_helper: { purl: "pkg:oci/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", product: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", product_id: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", product_identification_helper: { purl: "pkg:oci/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator&tag=1.33.0-3", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", product: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", product_id: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", product_identification_helper: { purl: "pkg:oci/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", product: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", product_id: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", product_identification_helper: { purl: "pkg:oci/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496?arch=amd64&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8&tag=1.33.0-5", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", product: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", product_id: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", product_identification_helper: { purl: "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", product: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", product_id: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", product_identification_helper: { purl: "pkg:oci/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", product: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", product_id: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", product: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", product_id: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", product_identification_helper: { purl: "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", product: { name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", product_id: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", product_identification_helper: { purl: "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", product: { name: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", product_id: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", product_identification_helper: { purl: "pkg:oci/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", product: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", product_id: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", product_identification_helper: { purl: "pkg:oci/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator&tag=1.33.0-3", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", product: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", product_id: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", product_identification_helper: { purl: "pkg:oci/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8&tag=1.33.0-5", }, }, }, { category: "product_version", name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", product: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", product_id: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", product_identification_helper: { purl: "pkg:oci/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca?arch=arm64&repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8&tag=1.33.0-5", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", }, product_reference: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", }, product_reference: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", }, product_reference: "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", }, product_reference: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", }, product_reference: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", }, product_reference: "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", }, product_reference: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", }, product_reference: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", }, product_reference: "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", }, product_reference: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", }, product_reference: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", }, product_reference: "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", }, product_reference: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", }, product_reference: "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", }, product_reference: "openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", }, product_reference: "openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", }, product_reference: "openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", }, product_reference: "openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", }, product_reference: "openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", }, product_reference: "openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", }, product_reference: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", }, product_reference: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", }, product_reference: "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", }, product_reference: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", }, product_reference: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", relates_to_product_reference: "8Base-RHOSS-1.33", }, { category: "default_component_of", full_product_name: { name: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64 as a component of Red Hat OpenShift Serverless 1.33", product_id: "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", }, product_reference: "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", relates_to_product_reference: "8Base-RHOSS-1.33", }, ], }, vulnerabilities: [ { cve: "CVE-2023-6717", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-12-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2253952", }, ], notes: [ { category: "description", text: "A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-6717", }, { category: "external", summary: "RHBZ#2253952", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2253952", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-6717", url: "https://www.cve.org/CVERecord?id=CVE-2023-6717", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-6717", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-6717", }, ], release_date: "2024-04-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "keycloak: XSS via assertion consumer service URL in SAML POST-binding flow", }, { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266921", }, ], notes: [ { category: "description", text: "A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource-intensive. However, if an attacker sets the p2c parameter in JWE to a large number, it can cause high computational consumption, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jose4j: denial of service via specially crafted JWE", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in the jose4j library, where the \"p2c\" parameter in PBKDF2-based JWE key management algorithms can be manipulated to induce high computational consumption, is classified as moderate severity due to its potential impact on service availability and resource exhaustion. By setting a large value for \"p2c\", an attacker can force the server to perform an excessive number of PBKDF2 iterations during key derivation. This results in increased CPU and memory usage, potentially leading to degraded performance or temporary denial of service.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-51775", }, { category: "external", summary: "RHBZ#2266921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266921", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-51775", url: "https://www.cve.org/CVERecord?id=CVE-2023-51775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", }, ], release_date: "2024-02-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jose4j: denial of service via specially crafted JWE", }, { acknowledgments: [ { names: [ "Adriano Márcio Monteiro", ], }, ], cve: "CVE-2024-1249", cwe: { id: "CWE-346", name: "Origin Validation Error", }, discovery_date: "2024-02-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262918", }, ], notes: [ { category: "description", text: "A flaw was found in Keycloak's OIDC component in the \"checkLoginIframe,\" which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.", title: "Vulnerability description", }, { category: "summary", text: "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in Keycloak's OIDC component allowing unvalidated cross-origin messages in the \"checkLoginIframe\" function represents an important severity issue due to its potential to cause significant disruption and resource exhaustion. Exploitation of this flaw can lead to a Denial of Service (DoS) condition, where malicious actors can overwhelm the server with a high volume of requests, impacting availability for legitimate users. The absence of proper origin validation means attackers can exploit this weakness relatively easily, leveraging automated scripts to flood the server within seconds.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-1249", }, { category: "external", summary: "RHBZ#2262918", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262918", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-1249", url: "https://www.cve.org/CVERecord?id=CVE-2024-1249", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-1249", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-1249", }, ], release_date: "2024-04-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS", }, { cve: "CVE-2024-1597", cwe: { id: "CWE-89", name: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", }, discovery_date: "2024-02-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266523", }, ], notes: [ { category: "description", text: "A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value.", title: "Vulnerability description", }, { category: "summary", text: "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", title: "Vulnerability summary", }, { category: "other", text: "The PostgreSQL JDBC Driver is not affected in the default query mode. Users that do not override the query mode are not impacted.\n\nThe described SQL injection vulnerability, while significant, is categorized as important rather than critical due to several factors. Firstly, the exploitation relies on specific conditions, including the use of a non-default query mode (preferQueryMode=simple) and the precise arrangement of user-controlled parameters within the SQL query. This limits the potential attack surface and reduces the likelihood of widespread exploitation across systems. Additionally, the vulnerability does not pose an immediate and severe risk of system compromise or data breach; rather, it enables attackers to manipulate SQL queries and potentially execute arbitrary commands within the context of the application's database. Furthermore, the vulnerability can be effectively mitigated by applying the provided patch or by avoiding the use of the vulnerable query mode, thus reducing the risk of exploitation.\n\nRed Hat Satellite ships a PostgreSQL JDBC Driver which embeds into Candlepin. However, Candlepin doesn't directly utilize the PostgreSQL JDBC Driver and doesn't set PreferQueryMode. Therefore, although the affected component is shipped, the product impact is considered Low. This issue may be addressed in a future Satellite release.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-1597", }, { category: "external", summary: "RHBZ#2266523", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266523", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-1597", url: "https://www.cve.org/CVERecord?id=CVE-2024-1597", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-1597", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-1597", }, { category: "external", summary: "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56", url: "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56", }, { category: "external", summary: "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/", url: "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/", }, { category: "external", summary: "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/", url: "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/", }, ], release_date: "2024-02-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "Do not use the connection propertypreferQueryMode=simple. If you do not explicitly specify a query mode, then you are using the default of extended and are not impacted by this issue.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", }, { cve: "CVE-2024-22371", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266024", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Camel. This issue may allow an attacker to expose sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent.", title: "Vulnerability description", }, { category: "summary", text: "camel-core: Exposure of sensitive data by crafting a malicious EventFactory", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22371", }, { category: "external", summary: "RHBZ#2266024", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266024", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22371", url: "https://www.cve.org/CVERecord?id=CVE-2024-22371", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22371", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22371", }, { category: "external", summary: "https://camel.apache.org/security/CVE-2024-22371.html", url: "https://camel.apache.org/security/CVE-2024-22371.html", }, { category: "external", summary: "https://issues.apache.org/jira/browse/CAMEL-20305", url: "https://issues.apache.org/jira/browse/CAMEL-20305", }, ], release_date: "2024-02-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "camel-core: Exposure of sensitive data by crafting a malicious EventFactory", }, { cve: "CVE-2024-25710", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-02-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2264988", }, ], notes: [ { category: "description", text: "A loop with an unreachable exit condition (Infinite Loop) vulnerability was found in Apache Common Compress. This issue can lead to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25710", }, { category: "external", summary: "RHBZ#2264988", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264988", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25710", url: "https://www.cve.org/CVERecord?id=CVE-2024-25710", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25710", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25710", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/02/19/1", url: "http://www.openwall.com/lists/oss-security/2024/02/19/1", }, { category: "external", summary: "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf", url: "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf", }, ], release_date: "2024-02-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-02-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2264989", }, ], notes: [ { category: "description", text: "An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error.", title: "Vulnerability description", }, { category: "summary", text: "commons-compress: OutOfMemoryError unpacking broken Pack200 file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-26308", }, { category: "external", summary: "RHBZ#2264989", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264989", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-26308", url: "https://www.cve.org/CVERecord?id=CVE-2024-26308", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-26308", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-26308", }, { category: "external", summary: "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg", url: "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2024/02/19/2", url: "https://www.openwall.com/lists/oss-security/2024/02/19/2", }, ], release_date: "2024-02-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-24T01:38:27+00:00", details: "See the Red Hat OpenShift serverless 1.33 documentation at: \nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.33", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4057", }, { category: "workaround", details: "No mitigation is currently available for this vulnerability.", product_ids: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:1d4c65ddd65b54b387f21bdabf408d180bcc0d835fec714a2c06b643187279de_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:2223754df4f475fc7240df4d833c3ad3d757375ceb2dba359164bd6e8475d267_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:90938287390c5d53dd8311699daa4304444e0727fa1aed18e6b4712ef2da8ee4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:1050e0b388b09c494bcb2f9bc9d74eb1f12b1ef93218e3920434f7c09b22f9eb_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:d6951064cd3ac48107a93d9d21df106157df0232645bb2d847589fda496b5c9a_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:f188dc873609058aa3a4911526df0afc1f32c8b986c02646b403932750db5d19_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:1b186d5cd499f69de3f9b6053092ce1e634ac4101c8dec5bbae664a0405ec4a3_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:2664e7f4c310f561e254f1b07a1f189e8c674556545d27f3e108358f04258979_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:40893aa91a3cbbe99aa0e47032e64e31c176d0b857a3fe36151668f87ed1b346_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:19c9009a5f3a73553ebbb0a34063a9236635d41f9457de150d12f8b1c9d9a80e_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a7fc943642f5272d25292a25bfd6d2a35ef30e5f9a7419f935988a764741ba57_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:ed0f3c6feaed07a6f2ce2774fdb2ec96aa4855426396a39350289528794818bc_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:32613823ccf9bba0b8bb586b9859c4b68b548953445ee221907bedf1841a1dc9_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:ab13f02335cf4f22b72d7a477b1de9c3634b2a6d66ddc536192d0061d7f572d5_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:8309ccf050075499e5052a6af4ecfd53755636663a2ec0f4f0e94e9e6ddc251f_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:e405a41d8c91661bae11aadc0a79490e3bc8ef278fc15c2dc2f026b300af1775_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-operator-bundle@sha256:f4495c801002a4501b6b472a2f709cf6f7e0955b74d407254f4aa00a5c26932c_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:8fcf378e87a1eb66dd3906edff827ed55e5d991eb6961bf1d101eacfaaaeec40_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:e113674a0ce7abadb084823420724af4f97a7e109cfe921bad907e5d1cd46dca_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-rhel8-operator@sha256:fbff2eb7134a4f3b3aff8ac3768981fcabd11aff983a366948ac75816c26a5b9_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:278dc04865d985aba56ff0a6e6a2aa2fdce544459cab642dacb6e8de948a19aa_arm64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:35a03270b6f2908fd611f4e1eeb4fdc3d44ac82bb6dc188a03bb134d86def8f4_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b4a682402e78ad34e16ab038771f51205a7c117de49bb8f585eb7a0bfa59a586_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:0fa9ee1c7cd198e83187511f24084661cbbaa3f4d6a496e3ead0349a672fc5d0_ppc64le", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:a24194315193f8d7e46f7c2862b88356c2e676287503cc58dbad629f0f196496_amd64", "8Base-RHOSS-1.33:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:f98022ead7f3708016d5815be0d637a22f288af66b6f4a6be906afd7ce7514ca_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "commons-compress: OutOfMemoryError unpacking broken Pack200 file", }, ], }
WID-SEC-W-2024-0422
Vulnerability from csaf_certbund
Published
2024-02-19 23:00
Modified
2024-06-23 22:00
Summary
Apache Camel: Schwachstelle ermöglicht Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Camel ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Apache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Camel ausnutzen, um Informationen offenzulegen.", title: "Angriff", }, { category: "general", text: "- Linux\n- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0422 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0422.json", }, { category: "self", summary: "WID-SEC-2024-0422 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0422", }, { category: "external", summary: "Apache Camel Security Advisory vom 2024-02-19", url: "https://camel.apache.org/security/CVE-2024-22371.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2834 vom 2024-05-16", url: "https://access.redhat.com/errata/RHSA-2024:2834", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4057 vom 2024-06-24", url: "https://access.redhat.com/errata/RHSA-2024:4057", }, ], source_lang: "en-US", title: "Apache Camel: Schwachstelle ermöglicht Offenlegung von Informationen", tracking: { current_release_date: "2024-06-23T22:00:00.000+00:00", generator: { date: "2024-08-15T18:05:24.861+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0422", initial_release_date: "2024-02-19T23:00:00.000+00:00", revision_history: [ { date: "2024-02-19T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-05-16T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-23T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<3.21.4", product: { name: "Apache Camel <3.21.4", product_id: "T032891", }, }, { category: "product_version_range", name: "<3.22.1", product: { name: "Apache Camel <3.22.1", product_id: "T032892", }, }, { category: "product_version_range", name: "<4.0.4", product: { name: "Apache Camel <4.0.4", product_id: "T032893", }, }, { category: "product_version_range", name: "<4.4.0", product: { name: "Apache Camel <4.4.0", product_id: "T032894", }, }, ], category: "product_name", name: "Camel", }, ], category: "vendor", name: "Apache", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { branches: [ { category: "product_version", name: "Camel Extensions for Quarkus 1", product: { name: "Red Hat Integration Camel Extensions for Quarkus 1", product_id: "T026453", product_identification_helper: { cpe: "cpe:/a:redhat:integration:camel_extensions_for_quarkus_1", }, }, }, ], category: "product_name", name: "Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-22371", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Apache Camel. Dieser Fehler besteht in der Komponente EventFactory, die es einem entfernten, anonymen Angreifer ermöglicht, diese Schwachstelle auszunutzen, um vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "67646", "T026453", ], }, release_date: "2024-02-19T23:00:00.000+00:00", title: "CVE-2024-22371", }, ], }
wid-sec-w-2024-0422
Vulnerability from csaf_certbund
Published
2024-02-19 23:00
Modified
2024-06-23 22:00
Summary
Apache Camel: Schwachstelle ermöglicht Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Camel ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Apache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Camel ausnutzen, um Informationen offenzulegen.", title: "Angriff", }, { category: "general", text: "- Linux\n- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0422 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0422.json", }, { category: "self", summary: "WID-SEC-2024-0422 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0422", }, { category: "external", summary: "Apache Camel Security Advisory vom 2024-02-19", url: "https://camel.apache.org/security/CVE-2024-22371.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2834 vom 2024-05-16", url: "https://access.redhat.com/errata/RHSA-2024:2834", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4057 vom 2024-06-24", url: "https://access.redhat.com/errata/RHSA-2024:4057", }, ], source_lang: "en-US", title: "Apache Camel: Schwachstelle ermöglicht Offenlegung von Informationen", tracking: { current_release_date: "2024-06-23T22:00:00.000+00:00", generator: { date: "2024-08-15T18:05:24.861+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0422", initial_release_date: "2024-02-19T23:00:00.000+00:00", revision_history: [ { date: "2024-02-19T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-05-16T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-23T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<3.21.4", product: { name: "Apache Camel <3.21.4", product_id: "T032891", }, }, { category: "product_version_range", name: "<3.22.1", product: { name: "Apache Camel <3.22.1", product_id: "T032892", }, }, { category: "product_version_range", name: "<4.0.4", product: { name: "Apache Camel <4.0.4", product_id: "T032893", }, }, { category: "product_version_range", name: "<4.4.0", product: { name: "Apache Camel <4.4.0", product_id: "T032894", }, }, ], category: "product_name", name: "Camel", }, ], category: "vendor", name: "Apache", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { branches: [ { category: "product_version", name: "Camel Extensions for Quarkus 1", product: { name: "Red Hat Integration Camel Extensions for Quarkus 1", product_id: "T026453", product_identification_helper: { cpe: "cpe:/a:redhat:integration:camel_extensions_for_quarkus_1", }, }, }, ], category: "product_name", name: "Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-22371", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Apache Camel. Dieser Fehler besteht in der Komponente EventFactory, die es einem entfernten, anonymen Angreifer ermöglicht, diese Schwachstelle auszunutzen, um vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "67646", "T026453", ], }, release_date: "2024-02-19T23:00:00.000+00:00", title: "CVE-2024-22371", }, ], }
gsd-2024-22371
Vulnerability from gsd
Modified
2024-01-10 06:02
Details
Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.
Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.
Aliases
{ gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2024-22371", ], details: "Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.\n\nUsers are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.\n\n", id: "GSD-2024-22371", modified: "2024-01-10T06:02:20.841296Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2024-22371", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Camel", version: { version_data: [ { version_value: "not down converted", x_cve_json_5_version_data: { defaultStatus: "unaffected", versions: [ { lessThanOrEqual: "1.6.0", status: "unaffected", version: "1.x", versionType: "semver", }, { lessThanOrEqual: "3.21.3", status: "affected", version: "3.21.x", versionType: "semver", }, { lessThanOrEqual: "3.22.0", status: "affected", version: "3.22.x", versionType: "semver", }, { lessThanOrEqual: "4.0.3", status: "affected", version: "4.0.x", versionType: "semver", }, { lessThanOrEqual: "4.3.0", status: "affected", version: "4.x", versionType: "semver", }, ], }, }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credits: [ { lang: "en", value: "Otavio Rodolfo Piske from the Apache Software Foundation", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.\n\nUsers are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.\n\n", }, ], }, generator: { engine: "Vulnogram 0.1.0-dev", }, impact: { cvss: [ { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data.", }, ], }, ], }, references: { reference_data: [ { name: "https://camel.apache.org/security/CVE-2024-22371.html", refsource: "MISC", url: "https://camel.apache.org/security/CVE-2024-22371.html", }, ], }, source: { defect: [ "CAMEL-20305", ], discovery: "INTERNAL", }, }, "nvd.nist.gov": { cve: { descriptions: [ { lang: "en", value: "Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.\n\nUsers are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.\n\n", }, ], id: "CVE-2024-22371", lastModified: "2024-02-26T16:32:25.577", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.4, impactScore: 1.4, source: "security@apache.org", type: "Secondary", }, ], }, published: "2024-02-26T16:27:56.557", references: [ { source: "security@apache.org", url: "https://camel.apache.org/security/CVE-2024-22371.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Awaiting Analysis", }, }, }, }
fkie_cve-2024-22371
Vulnerability from fkie_nvd
Published
2024-02-26 16:27
Modified
2024-11-21 08:56
Severity ?
Summary
Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.
Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.
References
Impacted products
| Vendor | Product | Version |
|---|
{ cveTags: [], descriptions: [ { lang: "en", value: "Exposure of sensitive data by by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel.This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0.\n\nUsers are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.\n\n", }, { lang: "es", value: "Exposición de datos confidenciales mediante la creación de un EventFactory malicioso y proporcionando un ExchangeCreatedEvent personalizado que expone datos confidenciales. Vulnerabilidad en Apache Camel. Este problema afecta a Apache Camel: desde 3.21.X hasta 3.21.3, desde 3.22.X hasta 3.22.0, desde 4.0.X hasta 4.0.3, desde 4.X hasta 4.3.0. Se recomienda a los usuarios actualizar a la versión 3.21.4, 3.22.1, 4.0.4 o 4.4.0, que soluciona el problema.", }, ], id: "CVE-2024-22371", lastModified: "2024-11-21T08:56:08.540", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 2.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.4, impactScore: 1.4, source: "security@apache.org", type: "Secondary", }, ], }, published: "2024-02-26T16:27:56.557", references: [ { source: "security@apache.org", url: "https://camel.apache.org/security/CVE-2024-22371.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://camel.apache.org/security/CVE-2024-22371.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-922", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.