Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-29041
Vulnerability from cvelistv5
Published
2024-03-25 20:20
Modified
2024-08-02 01:03
Severity ?
EPSS score ?
Summary
Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29041", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-26T13:59:28.274744Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:57:16.909Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.705Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { name: "https://github.com/koajs/koa/issues/1800", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/koajs/koa/issues/1800", }, { name: "https://github.com/expressjs/express/pull/5539", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/expressjs/express/pull/5539", }, { name: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { name: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { name: "https://expressjs.com/en/4x/api.html#res.location", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://expressjs.com/en/4x/api.html#res.location", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "express", vendor: "expressjs", versions: [ { status: "affected", version: ">=4.14.0, <4.19.0", }, { status: "affected", version: ">=5.0.0-alpha.1, <5.0.0-beta.3", }, ], }, ], descriptions: [ { lang: "en", value: "Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-601", description: "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-1286", description: "CWE-1286: Improper Validation of Syntactic Correctness of Input", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-25T20:20:06.205Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { name: "https://github.com/koajs/koa/issues/1800", tags: [ "x_refsource_MISC", ], url: "https://github.com/koajs/koa/issues/1800", }, { name: "https://github.com/expressjs/express/pull/5539", tags: [ "x_refsource_MISC", ], url: "https://github.com/expressjs/express/pull/5539", }, { name: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", tags: [ "x_refsource_MISC", ], url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { name: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", tags: [ "x_refsource_MISC", ], url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { name: "https://expressjs.com/en/4x/api.html#res.location", tags: [ "x_refsource_MISC", ], url: "https://expressjs.com/en/4x/api.html#res.location", }, ], source: { advisory: "GHSA-rv95-896h-c2vc", discovery: "UNKNOWN", }, title: "Express.js Open Redirect in malformed URLs", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-29041", datePublished: "2024-03-25T20:20:06.205Z", dateReserved: "2024-03-14T16:59:47.614Z", dateUpdated: "2024-08-02T01:03:51.705Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { descriptions: "[{\"lang\": \"en\", \"value\": \"Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.\"}, {\"lang\": \"es\", \"value\": \"El framework web minimalista Express.js para node. Las versiones de Express.js anteriores a 4.19.0 y todas las versiones alfa y beta preliminares de 5.0 se ven afectadas por una vulnerabilidad de redireccionamiento abierto que utiliza URL con formato incorrecto. Cuando un usuario de Express realiza una redirecci\\u00f3n utilizando una URL proporcionada por el usuario, Express realiza una codificaci\\u00f3n [usando `encodeurl`](https://github.com/pillarjs/encodeurl) en el contenido antes de pasarlo al encabezado de `ubicaci\\u00f3n`. Esto puede hacer que las URL con formato incorrecto se eval\\u00faen de maneras inesperadas mediante implementaciones de listas permitidas de redireccionamiento com\\u00fan en aplicaciones Express, lo que lleva a una redirecci\\u00f3n abierta al omitir una lista permitida implementada correctamente. El m\\u00e9todo principal afectado es `res.location()` pero tambi\\u00e9n se llama desde `res.redirect()`. La vulnerabilidad se solucion\\u00f3 en 4.19.2 y 5.0.0-beta.3.\"}]", id: "CVE-2024-29041", lastModified: "2024-11-21T09:07:26.023", metrics: "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}]}", published: "2024-03-25T21:15:46.847", references: "[{\"url\": \"https://expressjs.com/en/4x/api.html#res.location\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/expressjs/express/pull/5539\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/koajs/koa/issues/1800\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://expressjs.com/en/4x/api.html#res.location\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/expressjs/express/pull/5539\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/koajs/koa/issues/1800\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", sourceIdentifier: "security-advisories@github.com", vulnStatus: "Awaiting Analysis", weaknesses: "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-601\"}, {\"lang\": \"en\", \"value\": \"CWE-1286\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2024-29041\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-25T21:15:46.847\",\"lastModified\":\"2024-11-21T09:07:26.023\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.\"},{\"lang\":\"es\",\"value\":\"El framework web minimalista Express.js para node. Las versiones de Express.js anteriores a 4.19.0 y todas las versiones alfa y beta preliminares de 5.0 se ven afectadas por una vulnerabilidad de redireccionamiento abierto que utiliza URL con formato incorrecto. Cuando un usuario de Express realiza una redirección utilizando una URL proporcionada por el usuario, Express realiza una codificación [usando `encodeurl`](https://github.com/pillarjs/encodeurl) en el contenido antes de pasarlo al encabezado de `ubicación`. Esto puede hacer que las URL con formato incorrecto se evalúen de maneras inesperadas mediante implementaciones de listas permitidas de redireccionamiento común en aplicaciones Express, lo que lleva a una redirección abierta al omitir una lista permitida implementada correctamente. El método principal afectado es `res.location()` pero también se llama desde `res.redirect()`. La vulnerabilidad se solucionó en 4.19.2 y 5.0.0-beta.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"},{\"lang\":\"en\",\"value\":\"CWE-1286\"}]}],\"references\":[{\"url\":\"https://expressjs.com/en/4x/api.html#res.location\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/expressjs/express/pull/5539\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/koajs/koa/issues/1800\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://expressjs.com/en/4x/api.html#res.location\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/expressjs/express/pull/5539\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/koajs/koa/issues/1800\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", vulnrichment: { containers: "{\"cna\": {\"title\": \"Express.js Open Redirect in malformed URLs\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-601\", \"lang\": \"en\", \"description\": \"CWE-601: URL Redirection to Untrusted Site ('Open Redirect')\", \"type\": \"CWE\"}]}, {\"descriptions\": [{\"cweId\": \"CWE-1286\", \"lang\": \"en\", \"description\": \"CWE-1286: Improper Validation of Syntactic Correctness of Input\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"scope\": \"CHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc\"}, {\"name\": \"https://github.com/koajs/koa/issues/1800\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/koajs/koa/issues/1800\"}, {\"name\": \"https://github.com/expressjs/express/pull/5539\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/expressjs/express/pull/5539\"}, {\"name\": \"https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd\"}, {\"name\": \"https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94\"}, {\"name\": \"https://expressjs.com/en/4x/api.html#res.location\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://expressjs.com/en/4x/api.html#res.location\"}], \"affected\": [{\"vendor\": \"expressjs\", \"product\": \"express\", \"versions\": [{\"version\": \">=4.14.0, <4.19.0\", \"status\": \"affected\"}, {\"version\": \">=5.0.0-alpha.1, <5.0.0-beta.3\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-03-25T20:20:06.205Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.\"}], \"source\": {\"advisory\": \"GHSA-rv95-896h-c2vc\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-29041\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-26T13:59:28.274744Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:19.506Z\"}, \"title\": \"CISA ADP Vulnrichment\"}]}", cveMetadata: "{\"cveId\": \"CVE-2024-29041\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2024-03-14T16:59:47.614Z\", \"datePublished\": \"2024-03-25T20:20:06.205Z\", \"dateUpdated\": \"2024-06-04T17:57:16.909Z\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
gsd-2024-29041
Vulnerability from gsd
Modified
2024-04-02 05:02
Details
Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.
Aliases
{ gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2024-29041", ], details: "Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", id: "GSD-2024-29041", modified: "2024-04-02T05:02:57.579467Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2024-29041", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "express", version: { version_data: [ { version_affected: "=", version_value: ">=4.14.0, <4.19.0", }, { version_affected: "=", version_value: ">=5.0.0-alpha.1, <5.0.0-beta.3", }, ], }, }, ], }, vendor_name: "expressjs", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", }, ], }, impact: { cvss: [ { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { cweId: "CWE-601", lang: "eng", value: "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", }, ], }, { description: [ { cweId: "CWE-1286", lang: "eng", value: "CWE-1286: Improper Validation of Syntactic Correctness of Input", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", refsource: "MISC", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { name: "https://github.com/koajs/koa/issues/1800", refsource: "MISC", url: "https://github.com/koajs/koa/issues/1800", }, { name: "https://github.com/expressjs/express/pull/5539", refsource: "MISC", url: "https://github.com/expressjs/express/pull/5539", }, { name: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", refsource: "MISC", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { name: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", refsource: "MISC", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { name: "https://expressjs.com/en/4x/api.html#res.location", refsource: "MISC", url: "https://expressjs.com/en/4x/api.html#res.location", }, ], }, source: { advisory: "GHSA-rv95-896h-c2vc", discovery: "UNKNOWN", }, }, "nvd.nist.gov": { cve: { descriptions: [ { lang: "en", value: "Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", }, { lang: "es", value: "El framework web minimalista Express.js para node. Las versiones de Express.js anteriores a 4.19.0 y todas las versiones alfa y beta preliminares de 5.0 se ven afectadas por una vulnerabilidad de redireccionamiento abierto que utiliza URL con formato incorrecto. Cuando un usuario de Express realiza una redirección utilizando una URL proporcionada por el usuario, Express realiza una codificación [usando `encodeurl`](https://github.com/pillarjs/encodeurl) en el contenido antes de pasarlo al encabezado de `ubicación`. Esto puede hacer que las URL con formato incorrecto se evalúen de maneras inesperadas mediante implementaciones de listas permitidas de redireccionamiento común en aplicaciones Express, lo que lleva a una redirección abierta al omitir una lista permitida implementada correctamente. El método principal afectado es `res.location()` pero también se llama desde `res.redirect()`. La vulnerabilidad se solucionó en 4.19.2 y 5.0.0-beta.3.", }, ], id: "CVE-2024-29041", lastModified: "2024-03-26T12:55:05.010", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2024-03-25T21:15:46.847", references: [ { source: "security-advisories@github.com", url: "https://expressjs.com/en/4x/api.html#res.location", }, { source: "security-advisories@github.com", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { source: "security-advisories@github.com", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { source: "security-advisories@github.com", url: "https://github.com/expressjs/express/pull/5539", }, { source: "security-advisories@github.com", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { source: "security-advisories@github.com", url: "https://github.com/koajs/koa/issues/1800", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-1286", }, { lang: "en", value: "CWE-601", }, ], source: "security-advisories@github.com", type: "Secondary", }, ], }, }, }, }
wid-sec-w-2024-2036
Vulnerability from csaf_certbund
Published
2024-09-03 22:00
Modified
2024-12-12 23:00
Summary
Red Hat OpenShift: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu erzeugen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu erzeugen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-2036 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2036.json", }, { category: "self", summary: "WID-SEC-2024-2036 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2036", }, { category: "external", summary: "RedHat Security Advisory vom 2024-09-03", url: "https://access.redhat.com/errata/RHSA-2024:6211", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6210 vom 2024-09-03", url: "https://rhn.redhat.com/errata/RHSA-2024:6210.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6667 vom 2024-09-13", url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7164 vom 2024-09-26", url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7624 vom 2024-10-03", url: "https://access.redhat.com/errata/RHSA-2024:7624", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8023 vom 2024-10-14", url: "https://access.redhat.com/errata/RHSA-2024:8023", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8076 vom 2024-10-14", url: "https://access.redhat.com/errata/RHSA-2024:8076", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8075 vom 2024-10-14", url: "https://access.redhat.com/errata/RHSA-2024:8075", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8080 vom 2024-10-14", url: "https://access.redhat.com/errata/RHSA-2024:8080", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8077 vom 2024-10-14", url: "https://access.redhat.com/errata/RHSA-2024:8077", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2024-78DF19AAF3 vom 2024-10-15", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-78df19aaf3", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8906 vom 2024-11-05", url: "https://access.redhat.com/errata/RHSA-2024:8906", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8981 vom 2024-11-13", url: "https://access.redhat.com/errata/RHSA-2024:8981", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:10775 vom 2024-12-04", url: "https://access.redhat.com/errata/RHSA-2024:10775", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:11023 vom 2024-12-12", url: "https://access.redhat.com/errata/RHSA-2024:11023", }, ], source_lang: "en-US", title: "Red Hat OpenShift: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen", tracking: { current_release_date: "2024-12-12T23:00:00.000+00:00", generator: { date: "2024-12-13T10:13:32.981+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-2036", initial_release_date: "2024-09-03T22:00:00.000+00:00", revision_history: [ { date: "2024-09-03T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-09-12T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-25T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-03T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-13T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-14T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-15T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2024-11-05T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-12T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-12-03T23:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-12-12T23:00:00.000+00:00", number: "11", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "11", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { branches: [ { category: "product_version_range", name: "Service Mesh Containers <2.6.1", product: { name: "Red Hat OpenShift Service Mesh Containers <2.6.1", product_id: "T037234", }, }, { category: "product_version", name: "Service Mesh Containers 2.6.1", product: { name: "Red Hat OpenShift Service Mesh Containers 2.6.1", product_id: "T037234-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:service_mesh_containers__2.6.1", }, }, }, { category: "product_version", name: "CodeReady Workspaces", product: { name: "Red Hat OpenShift CodeReady Workspaces", product_id: "T037618", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:codeready_workspaces", }, }, }, { category: "product_version_range", name: "Data Foundation <4.14.11", product: { name: "Red Hat OpenShift Data Foundation <4.14.11", product_id: "T037941", }, }, { category: "product_version", name: "Data Foundation 4.14.11", product: { name: "Red Hat OpenShift Data Foundation 4.14.11", product_id: "T037941-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:data_foundation__4.14.11", }, }, }, { category: "product_version_range", name: "Container Platform <4.17.4", product: { name: "Red Hat OpenShift Container Platform <4.17.4", product_id: "T038989", }, }, { category: "product_version", name: "Container Platform 4.17.4", product: { name: "Red Hat OpenShift Container Platform 4.17.4", product_id: "T038989-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.17.4", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-29041", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Fehler existieren in Express.js, dem Axios-HTTP-Client und dem NPM-Paket aufgrund verschiedener sicherheitsrelevanter Probleme, wie z. B. einer offenen Umleitung oder einem unkontrollierten Ressourcenverbrauch. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T037618", "T038989", "67646", "T037941", "74185", "T037234", ], }, release_date: "2024-09-03T22:00:00.000+00:00", title: "CVE-2024-29041", }, { cve: "CVE-2024-39338", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Fehler existieren in Express.js, dem Axios-HTTP-Client und dem NPM-Paket aufgrund verschiedener sicherheitsrelevanter Probleme, wie z. B. einer offenen Umleitung oder einem unkontrollierten Ressourcenverbrauch. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T037618", "T038989", "67646", "T037941", "74185", "T037234", ], }, release_date: "2024-09-03T22:00:00.000+00:00", title: "CVE-2024-39338", }, { cve: "CVE-2024-4067", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Fehler existieren in Express.js, dem Axios-HTTP-Client und dem NPM-Paket aufgrund verschiedener sicherheitsrelevanter Probleme, wie z. B. einer offenen Umleitung oder einem unkontrollierten Ressourcenverbrauch. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T037618", "T038989", "67646", "T037941", "74185", "T037234", ], }, release_date: "2024-09-03T22:00:00.000+00:00", title: "CVE-2024-4067", }, { cve: "CVE-2024-4068", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Fehler existieren in Express.js, dem Axios-HTTP-Client und dem NPM-Paket aufgrund verschiedener sicherheitsrelevanter Probleme, wie z. B. einer offenen Umleitung oder einem unkontrollierten Ressourcenverbrauch. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T037618", "T038989", "67646", "T037941", "74185", "T037234", ], }, release_date: "2024-09-03T22:00:00.000+00:00", title: "CVE-2024-4068", }, ], }
wid-sec-w-2024-1590
Vulnerability from csaf_certbund
Published
2024-07-10 22:00
Modified
2024-12-18 23:00
Summary
HCL BigFix: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um einen Denial of Service Angriff durchzuführen, ertrauliche Informationen preiszugeben, Daten zu manipulieren und Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um einen Denial of Service Angriff durchzuführen, ertrauliche Informationen preiszugeben, Daten zu manipulieren und Sicherheitsmaßnahmen zu umgehen.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1590 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1590.json", }, { category: "self", summary: "WID-SEC-2024-1590 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1590", }, { category: "external", summary: "HCL Security Bulletin vom 2024-07-10", url: "https://support.hcltechsw.com/community?id=community_blog&sys_id=41c2808e1b930ad0534c4159cc4bcba7", }, { category: "external", summary: "HCL Security Bulletin vom 2024-07-10", url: "https://support.hcltechsw.com/community?id=community_blog&sys_id=944daab91b1786d0534c4159cc4bcb58", }, { category: "external", summary: "HCL Security Bulletin vom 2024-07-10", url: "https://support.hcltechsw.com/community?id=community_blog&sys_id=cef753bd1bd3c6d0534c4159cc4bcbaa", }, { category: "external", summary: "HCL Security Bulletin vom 2024-07-10", url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114657", }, { category: "external", summary: "HCL Article KB0114591 vom 2024-07-28", url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114591", }, { category: "external", summary: "HCL Security Bulletin vom 2024-12-18", url: "https://support.hcl-software.com/community?id=community_blog&sys_id=1af3c435fb2216d0db10f2797befdc15", }, ], source_lang: "en-US", title: "HCL BigFix: Mehrere Schwachstellen", tracking: { current_release_date: "2024-12-18T23:00:00.000+00:00", generator: { date: "2024-12-19T09:14:43.596+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-1590", initial_release_date: "2024-07-10T22:00:00.000+00:00", revision_history: [ { date: "2024-07-10T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-07-28T22:00:00.000+00:00", number: "2", summary: "Neue Updates von HCL aufgenommen", }, { date: "2024-12-18T23:00:00.000+00:00", number: "3", summary: "Neue Updates aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "WebUI", product: { name: "HCL BigFix WebUI", product_id: "T023767", product_identification_helper: { cpe: "cpe:/a:hcltech:bigfix:webui", }, }, }, { category: "product_version_range", name: "Query <4.7.0", product: { name: "HCL BigFix Query <4.7.0", product_id: "T036096", }, }, { category: "product_version", name: "Query 4.7.0", product: { name: "HCL BigFix Query 4.7.0", product_id: "T036096-fixed", product_identification_helper: { cpe: "cpe:/a:hcltech:bigfix:query__4.7.0", }, }, }, { category: "product_version_range", name: "PM <84", product: { name: "HCL BigFix PM <84", product_id: "T036097", }, }, { category: "product_version", name: "PM 84", product: { name: "HCL BigFix PM 84", product_id: "T036097-fixed", product_identification_helper: { cpe: "cpe:/a:hcltech:bigfix:pm__84", }, }, }, { category: "product_version", name: "WebUI", product: { name: "HCL BigFix WebUI", product_id: "T036098", product_identification_helper: { cpe: "cpe:/a:hcltech:bigfix:webui", }, }, }, { category: "product_version", name: "Server Automation", product: { name: "HCL BigFix Server Automation", product_id: "T039915", product_identification_helper: { cpe: "cpe:/a:hcltech:bigfix:server_automation", }, }, }, ], category: "product_name", name: "BigFix", }, ], category: "vendor", name: "HCL", }, ], }, vulnerabilities: [ { cve: "CVE-2024-33883", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in HCL BigFix WebUI-Sites. Diese Fehler besteht, weil die eingebetteten JavaScript-Vorlagen aufgrund des Fehlens eines bestimmten Verschmutzungsschutzes anfällig sind. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen preiszugeben, Dateien zu manipulieren und einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T036096", "T036097", "T039915", "T023767", "T036098", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-33883", }, { cve: "CVE-2023-42282", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in HCL BigFix Query. Diese Fehler bestehen aufgrund einer unsachgemäßen Kategorisierung bestimmter IP-Adressen in Node.js und aufgrund einer unsachgemäßen Kodierung der vom Benutzer bereitgestellten URLs im Express.js-Framework. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen", }, ], product_status: { known_affected: [ "T036096", "T039915", "T023767", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2023-42282", }, { cve: "CVE-2024-29041", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in HCL BigFix Query. Diese Fehler bestehen aufgrund einer unsachgemäßen Kategorisierung bestimmter IP-Adressen in Node.js und aufgrund einer unsachgemäßen Kodierung der vom Benutzer bereitgestellten URLs im Express.js-Framework. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen", }, ], product_status: { known_affected: [ "T036096", "T039915", "T023767", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2024-29041", }, { cve: "CVE-2021-43306", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in HCL BigFix Power Management. Diese Fehler besteht aufgrund der unsachgemäßen Eingabevalidierung im jQuery Validation Plugin. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Regular Expression Denial of Service (ReDoS) zu erzeugen, indem er eine beliebige Eingabe an die url2-Methode sendet. Die Sicherheitslücke CVE-2022-31147 besteht aufgrund der unvollständigen Behebung von CVE-2021-43306.", }, ], product_status: { known_affected: [ "T036096", "T036097", "T039915", "T023767", "T036098", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2021-43306", }, { cve: "CVE-2022-31147", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in HCL BigFix Power Management. Diese Fehler besteht aufgrund der unsachgemäßen Eingabevalidierung im jQuery Validation Plugin. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Regular Expression Denial of Service (ReDoS) zu erzeugen, indem er eine beliebige Eingabe an die url2-Methode sendet. Die Sicherheitslücke CVE-2022-31147 besteht aufgrund der unvollständigen Behebung von CVE-2021-43306.", }, ], product_status: { known_affected: [ "T036096", "T036097", "T039915", "T023767", "T036098", ], }, release_date: "2024-07-10T22:00:00.000+00:00", title: "CVE-2022-31147", }, ], }
wid-sec-w-2025-0010
Vulnerability from csaf_certbund
Published
2025-01-05 23:00
Modified
2025-01-05 23:00
Summary
HCL BigFix Server Automation: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix Server Automation ausnutzen, um Dateien zu manipulieren, vertrauliche Informationen preiszugeben und Phishing-Angriffe durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix Server Automation ausnutzen, um Dateien zu manipulieren, vertrauliche Informationen preiszugeben und Phishing-Angriffe durchzuführen.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2025-0010 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0010.json", }, { category: "self", summary: "WID-SEC-2025-0010 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0010", }, { category: "external", summary: "HCL Security Bulletin vom 2025-01-05", url: "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0118216", }, ], source_lang: "en-US", title: "HCL BigFix Server Automation: Mehrere Schwachstellen", tracking: { current_release_date: "2025-01-05T23:00:00.000+00:00", generator: { date: "2025-01-06T10:32:20.257+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2025-0010", initial_release_date: "2025-01-05T23:00:00.000+00:00", revision_history: [ { date: "2025-01-05T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "Server Automation <9.5.70", product: { name: "HCL BigFix Server Automation <9.5.70", product_id: "T040006", }, }, { category: "product_version", name: "Server Automation 9.5.70", product: { name: "HCL BigFix Server Automation 9.5.70", product_id: "T040006-fixed", product_identification_helper: { cpe: "cpe:/a:hcltech:bigfix:server_automation___9.5.70", }, }, }, ], category: "product_name", name: "BigFix", }, ], category: "vendor", name: "HCL", }, ], }, vulnerabilities: [ { cve: "CVE-2023-26159", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in HCL BigFix Server Automation. Die Schwachstelle besteht in der follow-redirects Bibliothek aufgrund einer unsachgemäßen Eingabevalidierung bei der Behandlung von URLs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um die Hostnamen über speziell gestaltete Eingaben zu manipulieren, wenn \"new URL()\" fehlschlägt. Dadurch kann der Datenverkehr auf bösartige Websites umgeleitet werden, was zu Phishing-Angriffen, der Offenlegung von Informationen oder anderen Sicherheitsverletzungen führen kann. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion, das Opfer muss dem manipulierten Link folgen.", }, ], product_status: { known_affected: [ "T040006", ], }, release_date: "2025-01-05T23:00:00.000+00:00", title: "CVE-2023-26159", }, { cve: "CVE-2024-28849", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in HCL BigFix Server Automation. Der Fehler besteht aufgrund der unsachgemäßen Löschung des Proxy-Authentifizierungs-Headers bei domänenübergreifenden Umleitungen im Paket follow-redirects, was zur Preisgabe von Anmeldeinformationen führt. Ein anonymer, entfernter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen preiszugeben.", }, ], product_status: { known_affected: [ "T040006", ], }, release_date: "2025-01-05T23:00:00.000+00:00", title: "CVE-2024-28849", }, { cve: "CVE-2024-29041", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in HCL BigFix Server Automation. Diese Schwachstelle besteht aufgrund einer offenen Redirect-Schwachstelle in Express.js, die auf eine fehlerhafte URL-Behandlung zurückzuführen ist, die eine ordnungsgemäß implementierte Genehmigungsliste umgeht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Phishing-Angriff durchzuführen.", }, ], product_status: { known_affected: [ "T040006", ], }, release_date: "2025-01-05T23:00:00.000+00:00", title: "CVE-2024-29041", }, ], }
wid-sec-w-2024-0956
Vulnerability from csaf_certbund
Published
2024-04-23 22:00
Modified
2024-05-12 22:00
Summary
IBM App Connect Enterprise: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff
Ein entfernter Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Phishing-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Phishing-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0956 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0956.json", }, { category: "self", summary: "WID-SEC-2024-0956 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0956", }, { category: "external", summary: "IBM Security Bulletin vom 2024-04-23", url: "https://www.ibm.com/support/pages/node/7149177", }, { category: "external", summary: "IBM Security Bulletin vom 2024-04-23", url: "https://www.ibm.com/support/pages/node/7149179", }, { category: "external", summary: "IBM Security Bulletin 7150843 vom 2024-05-10", url: "https://www.ibm.com/support/pages/node/7150843", }, ], source_lang: "en-US", title: "IBM App Connect Enterprise: Mehrere Schwachstellen", tracking: { current_release_date: "2024-05-12T22:00:00.000+00:00", generator: { date: "2024-08-15T18:08:07.080+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0956", initial_release_date: "2024-04-23T22:00:00.000+00:00", revision_history: [ { date: "2024-04-23T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-05-12T22:00:00.000+00:00", number: "2", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "IBM App Connect Enterprise", product: { name: "IBM App Connect Enterprise", product_id: "T032495", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:-", }, }, }, { category: "product_version_range", name: "<11.5.0", product: { name: "IBM App Connect Enterprise <11.5.0", product_id: "T034375", }, }, { category: "product_version_range", name: "<5.0.17 LTS", product: { name: "IBM App Connect Enterprise <5.0.17 LTS", product_id: "T034376", }, }, ], category: "product_name", name: "App Connect Enterprise", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2024-29041", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM App Connect Enterprise. Dieser Fehler besteht in der Komponente Express.js aufgrund eines offenen Umleitungsproblems. Mit einer speziell gestalteten URL kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um ein Opfer auf beliebige Websites umzuleiten und so einen Phishing-Angriff durchzuführen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T032495", ], }, release_date: "2024-04-23T22:00:00.000+00:00", title: "CVE-2024-29041", }, { cve: "CVE-2024-30260", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T032495", ], }, release_date: "2024-04-23T22:00:00.000+00:00", title: "CVE-2024-30260", }, { cve: "CVE-2024-30261", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T032495", ], }, release_date: "2024-04-23T22:00:00.000+00:00", title: "CVE-2024-30261", }, ], }
WID-SEC-W-2024-0956
Vulnerability from csaf_certbund
Published
2024-04-23 22:00
Modified
2024-05-12 22:00
Summary
IBM App Connect Enterprise: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff
Ein entfernter Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Phishing-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Phishing-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0956 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0956.json", }, { category: "self", summary: "WID-SEC-2024-0956 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0956", }, { category: "external", summary: "IBM Security Bulletin vom 2024-04-23", url: "https://www.ibm.com/support/pages/node/7149177", }, { category: "external", summary: "IBM Security Bulletin vom 2024-04-23", url: "https://www.ibm.com/support/pages/node/7149179", }, { category: "external", summary: "IBM Security Bulletin 7150843 vom 2024-05-10", url: "https://www.ibm.com/support/pages/node/7150843", }, ], source_lang: "en-US", title: "IBM App Connect Enterprise: Mehrere Schwachstellen", tracking: { current_release_date: "2024-05-12T22:00:00.000+00:00", generator: { date: "2024-08-15T18:08:07.080+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0956", initial_release_date: "2024-04-23T22:00:00.000+00:00", revision_history: [ { date: "2024-04-23T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-05-12T22:00:00.000+00:00", number: "2", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "IBM App Connect Enterprise", product: { name: "IBM App Connect Enterprise", product_id: "T032495", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:-", }, }, }, { category: "product_version_range", name: "<11.5.0", product: { name: "IBM App Connect Enterprise <11.5.0", product_id: "T034375", }, }, { category: "product_version_range", name: "<5.0.17 LTS", product: { name: "IBM App Connect Enterprise <5.0.17 LTS", product_id: "T034376", }, }, ], category: "product_name", name: "App Connect Enterprise", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2024-29041", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM App Connect Enterprise. Dieser Fehler besteht in der Komponente Express.js aufgrund eines offenen Umleitungsproblems. Mit einer speziell gestalteten URL kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um ein Opfer auf beliebige Websites umzuleiten und so einen Phishing-Angriff durchzuführen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T032495", ], }, release_date: "2024-04-23T22:00:00.000+00:00", title: "CVE-2024-29041", }, { cve: "CVE-2024-30260", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T032495", ], }, release_date: "2024-04-23T22:00:00.000+00:00", title: "CVE-2024-30260", }, { cve: "CVE-2024-30261", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T032495", ], }, release_date: "2024-04-23T22:00:00.000+00:00", title: "CVE-2024-30261", }, ], }
RHSA-2024:4873
Vulnerability from csaf_redhat
Published
2024-07-25 15:04
Modified
2025-03-24 11:45
Summary
Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.1 GA ]
Notes
Topic
An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat build of Apicurio Registry 2.6.1 GA includes the following security fixes.
Security Fix(es):
* webpack-dev-middleware: lack of URL validation may lead to file leak [rhint-serv-2] (CVE-2024-29180)
* express: cause malformed URLs to be evaluated [rhint-serv-2](CVE-2024-29041)
* jetty: stop accepting new connections from valid clients [rhint-serv-2] (CVE-2024-22201)
* jose4j: denial of service via specially crafted JWE [rhint-serv-2] (CVE-2023-51775)
* quarkus-core: Leak of local configuration properties into Quarkus applications [rhint-serv-2] (CVE-2024-2700)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat build of Apicurio Registry 2.6.1 GA includes the following security fixes.\n\nSecurity Fix(es):\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak [rhint-serv-2] (CVE-2024-29180)\n\n* express: cause malformed URLs to be evaluated [rhint-serv-2](CVE-2024-29041)\n\n* jetty: stop accepting new connections from valid clients [rhint-serv-2] (CVE-2024-22201)\n\n* jose4j: denial of service via specially crafted JWE [rhint-serv-2] (CVE-2023-51775)\n\n* quarkus-core: Leak of local configuration properties into Quarkus applications [rhint-serv-2] (CVE-2024-2700)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4873", url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "2266921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266921", }, { category: "external", summary: "2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "2273281", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273281", }, { category: "external", summary: "2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4873.json", }, ], title: "Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.1 GA ]", tracking: { current_release_date: "2025-03-24T11:45:46+00:00", generator: { date: "2025-03-24T11:45:46+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:4873", initial_release_date: "2024-07-25T15:04:49+00:00", revision_history: [ { date: "2024-07-25T15:04:49+00:00", number: "1", summary: "Initial version", }, { date: "2024-07-25T15:04:49+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-24T11:45:46+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apicurio Registry 2.6.1 GA", product: { name: "Red Hat build of Apicurio Registry 2.6.1 GA", product_id: "Red Hat build of Apicurio Registry 2.6.1 GA", product_identification_helper: { cpe: "cpe:/a:redhat:apicurio_registry:2.6", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266921", }, ], notes: [ { category: "description", text: "A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource-intensive. However, if an attacker sets the p2c parameter in JWE to a large number, it can cause high computational consumption, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jose4j: denial of service via specially crafted JWE", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in the jose4j library, where the \"p2c\" parameter in PBKDF2-based JWE key management algorithms can be manipulated to induce high computational consumption, is classified as moderate severity due to its potential impact on service availability and resource exhaustion. By setting a large value for \"p2c\", an attacker can force the server to perform an excessive number of PBKDF2 iterations during key derivation. This results in increased CPU and memory usage, potentially leading to degraded performance or temporary denial of service.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-51775", }, { category: "external", summary: "RHBZ#2266921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266921", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-51775", url: "https://www.cve.org/CVERecord?id=CVE-2023-51775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", }, ], release_date: "2024-02-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-25T15:04:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jose4j: denial of service via specially crafted JWE", }, { cve: "CVE-2024-2700", cwe: { id: "CWE-526", name: "Cleartext Storage of Sensitive Information in an Environment Variable", }, discovery_date: "2024-04-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2273281", }, ], notes: [ { category: "description", text: "A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.", title: "Vulnerability description", }, { category: "summary", text: "quarkus-core: Leak of local configuration properties into Quarkus applications", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this as a Moderate impact vulnerability since this requires an attacker to have direct access to the environment variables to override, and the application must use that environment variable to be jeopardized.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-2700", }, { category: "external", summary: "RHBZ#2273281", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273281", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-2700", url: "https://www.cve.org/CVERecord?id=CVE-2024-2700", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-2700", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-2700", }, ], release_date: "2024-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-25T15:04:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "workaround", details: "Currently, no mitigation is available for this vulnerability. Please update as the patches become available.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "quarkus-core: Leak of local configuration properties into Quarkus applications", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266136", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", title: "Vulnerability description", }, { category: "summary", text: "jetty: stop accepting new connections from valid clients", title: "Vulnerability summary", }, { category: "other", text: "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22201", }, { category: "external", summary: "RHBZ#2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22201", url: "https://www.cve.org/CVERecord?id=CVE-2024-22201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/11256", url: "https://github.com/jetty/jetty.project/issues/11256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", }, ], release_date: "2024-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-25T15:04:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jetty: stop accepting new connections from valid clients", }, { cve: "CVE-2024-29041", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2024-06-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2290901", }, ], notes: [ { category: "description", text: "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", title: "Vulnerability description", }, { category: "summary", text: "express: cause malformed URLs to be evaluated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29041", }, { category: "external", summary: "RHBZ#2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29041", url: "https://www.cve.org/CVERecord?id=CVE-2024-29041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", }, { category: "external", summary: "https://expressjs.com/en/4x/api.html#res.location", url: "https://expressjs.com/en/4x/api.html#res.location", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { category: "external", summary: "https://github.com/expressjs/express/pull/5539", url: "https://github.com/expressjs/express/pull/5539", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { category: "external", summary: "https://github.com/koajs/koa/issues/1800", url: "https://github.com/koajs/koa/issues/1800", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-25T15:04:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "express: cause malformed URLs to be evaluated", }, { cve: "CVE-2024-29180", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270863", }, ], notes: [ { category: "description", text: "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", title: "Vulnerability description", }, { category: "summary", text: "webpack-dev-middleware: lack of URL validation may lead to file leak", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29180", }, { category: "external", summary: "RHBZ#2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29180", url: "https://www.cve.org/CVERecord?id=CVE-2024-29180", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", }, { category: "external", summary: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", url: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", }, ], release_date: "2024-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-25T15:04:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "webpack-dev-middleware: lack of URL validation may lead to file leak", }, ], }
RHSA-2024:3868
Vulnerability from csaf_redhat
Published
2024-06-17 00:43
Modified
2025-04-10 05:22
Summary
Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift
Notes
Topic
Network Observability 1.6 for Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Network Observability 1.6.0
Security Fix(es):
* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak
* CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
* CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function
* CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
* CVE-2024-28849 follow-redirects: Possible credential leak
* CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
* CVE-2023-45289 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
* CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm
* CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping
* CVE-2024-29041 express: cause malformed URLs to be evaluated [noo-1]
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Network Observability 1.6 for Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Network Observability 1.6.0\n\nSecurity Fix(es):\n\n* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak\n* CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON\n* CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function\n* CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests\n* CVE-2024-28849 follow-redirects: Possible credential leak\n* CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm\n* CVE-2023-45289 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect\n* CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm\n* CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping\n* CVE-2024-29041 express: cause malformed URLs to be evaluated [noo-1]\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3868", url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2253330", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", }, { category: "external", summary: "2265161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2265161", }, { category: "external", summary: "2268017", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", }, { category: "external", summary: "2268018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", }, { category: "external", summary: "2268019", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", }, { category: "external", summary: "2268022", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", }, { category: "external", summary: "2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "2269576", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2269576", }, { category: "external", summary: "2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "NETOBSERV-1279", url: "https://issues.redhat.com/browse/NETOBSERV-1279", }, { category: "external", summary: "NETOBSERV-1408", url: "https://issues.redhat.com/browse/NETOBSERV-1408", }, { category: "external", summary: "NETOBSERV-1424", url: "https://issues.redhat.com/browse/NETOBSERV-1424", }, { category: "external", summary: "NETOBSERV-1453", url: "https://issues.redhat.com/browse/NETOBSERV-1453", }, { category: "external", summary: "NETOBSERV-1459", url: "https://issues.redhat.com/browse/NETOBSERV-1459", }, { category: "external", summary: "NETOBSERV-1462", url: "https://issues.redhat.com/browse/NETOBSERV-1462", }, { category: "external", summary: "NETOBSERV-1544", url: "https://issues.redhat.com/browse/NETOBSERV-1544", }, { category: "external", summary: "NETOBSERV-1598", url: "https://issues.redhat.com/browse/NETOBSERV-1598", }, { category: "external", summary: "NETOBSERV-1606", url: "https://issues.redhat.com/browse/NETOBSERV-1606", }, { category: "external", summary: "NETOBSERV-1607", url: "https://issues.redhat.com/browse/NETOBSERV-1607", }, { category: "external", summary: "NETOBSERV-1621", url: "https://issues.redhat.com/browse/NETOBSERV-1621", }, { category: "external", summary: "NETOBSERV-1630", url: "https://issues.redhat.com/browse/NETOBSERV-1630", }, { category: "external", summary: "NETOBSERV-1647", url: "https://issues.redhat.com/browse/NETOBSERV-1647", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3868.json", }, ], title: "Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift", tracking: { current_release_date: "2025-04-10T05:22:11+00:00", generator: { date: "2025-04-10T05:22:11+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:3868", initial_release_date: "2024-06-17T00:43:37+00:00", revision_history: [ { date: "2024-06-17T00:43:37+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-17T00:43:37+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-10T05:22:11+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "NETOBSERV 1.6 for RHEL 9", product: { name: "NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0", product_identification_helper: { cpe: "cpe:/a:redhat:network_observ_optr:1.6.0::el9", }, }, }, ], category: "product_family", name: "Network Observability", }, { branches: [ { category: "product_version", name: "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", product: { name: "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", product_id: "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", product: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", product_id: "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", product: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", product_id: "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", product: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", product_id: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", product: { name: "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", product_id: "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle&tag=1.6.0-78", }, }, }, { category: "product_version", name: "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", product: { name: "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", product_id: "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator&tag=v1.6.0-66", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", product: { name: "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", product_id: "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", product: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", product_id: "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", product: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", product_id: "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", product: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", product_id: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", product: { name: "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", product_id: "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle&tag=1.6.0-78", }, }, }, { category: "product_version", name: "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", product: { name: "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", product_id: "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator&tag=v1.6.0-66", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", product: { name: "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", product_id: "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", product: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", product_id: "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", product: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", product_id: "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", product: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", product_id: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", product: { name: "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", product_id: "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle&tag=1.6.0-78", }, }, }, { category: "product_version", name: "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", product: { name: "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", product_id: "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator&tag=v1.6.0-66", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", product: { name: "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", product_id: "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", product: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", product_id: "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", product: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", product_id: "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", product: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", product_id: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", product: { name: "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", product_id: "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle&tag=1.6.0-78", }, }, }, { category: "product_version", name: "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", product: { name: "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", product_id: "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator&tag=v1.6.0-66", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", }, product_reference: "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", }, product_reference: "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", }, product_reference: "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", }, product_reference: "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", }, product_reference: "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", }, product_reference: "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", }, product_reference: "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", }, product_reference: "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", }, product_reference: "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", }, product_reference: "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", }, product_reference: "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", }, product_reference: "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", }, product_reference: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", }, product_reference: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", }, product_reference: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", }, product_reference: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", }, product_reference: "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", }, product_reference: "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", }, product_reference: "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", }, product_reference: "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", }, product_reference: "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", }, product_reference: "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", }, product_reference: "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", }, product_reference: "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39326", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-12-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2253330", }, ], notes: [ { category: "description", text: "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39326", }, { category: "external", summary: "RHBZ#2253330", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39326", url: "https://www.cve.org/CVERecord?id=CVE-2023-39326", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2023-2382", url: "https://pkg.go.dev/vuln/GO-2023-2382", }, ], release_date: "2023-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "No mitigation is available for this flaw.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", }, { cve: "CVE-2023-42282", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2265161", }, ], notes: [ { category: "description", text: "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-ip: arbitrary code execution via the isPublic() function", title: "Vulnerability summary", }, { category: "other", text: "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\n\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it's categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-42282", }, { category: "external", summary: "RHBZ#2265161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2265161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-42282", url: "https://www.cve.org/CVERecord?id=CVE-2023-42282", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-42282", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-42282", }, { category: "external", summary: "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", url: "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", }, ], release_date: "2024-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "nodejs-ip: arbitrary code execution via the isPublic() function", }, { cve: "CVE-2023-45289", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2024-03-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268018", }, ], notes: [ { category: "description", text: "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-45289", }, { category: "external", summary: "RHBZ#2268018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-45289", url: "https://www.cve.org/CVERecord?id=CVE-2023-45289", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", }, { cve: "CVE-2023-45290", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268017", }, ], notes: [ { category: "description", text: "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-45290", }, { category: "external", summary: "RHBZ#2268017", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-45290", url: "https://www.cve.org/CVERecord?id=CVE-2023-45290", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/03/08/4", url: "http://www.openwall.com/lists/oss-security/2024/03/08/4", }, { category: "external", summary: "https://go.dev/cl/569341", url: "https://go.dev/cl/569341", }, { category: "external", summary: "https://go.dev/issue/65383", url: "https://go.dev/issue/65383", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2599", url: "https://pkg.go.dev/vuln/GO-2024-2599", }, { category: "external", summary: "https://security.netapp.com/advisory/ntap-20240329-0004", url: "https://security.netapp.com/advisory/ntap-20240329-0004", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", }, { cve: "CVE-2024-24783", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-03-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268019", }, ], notes: [ { category: "description", text: "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24783", }, { category: "external", summary: "RHBZ#2268019", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24783", url: "https://www.cve.org/CVERecord?id=CVE-2024-24783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/03/08/4", url: "http://www.openwall.com/lists/oss-security/2024/03/08/4", }, { category: "external", summary: "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", url: "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", }, { category: "external", summary: "https://go.dev/cl/569339", url: "https://go.dev/cl/569339", }, { category: "external", summary: "https://go.dev/issue/65390", url: "https://go.dev/issue/65390", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2598", url: "https://pkg.go.dev/vuln/GO-2024-2598", }, { category: "external", summary: "https://security.netapp.com/advisory/ntap-20240329-0005", url: "https://security.netapp.com/advisory/ntap-20240329-0005", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", }, { cve: "CVE-2024-24785", cwe: { id: "CWE-74", name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, discovery_date: "2024-03-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268022", }, ], notes: [ { category: "description", text: "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", title: "Vulnerability description", }, { category: "summary", text: "golang: html/template: errors returned from MarshalJSON methods may break template escaping", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24785", }, { category: "external", summary: "RHBZ#2268022", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24785", url: "https://www.cve.org/CVERecord?id=CVE-2024-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", }, { category: "external", summary: "https://go.dev/cl/564196", url: "https://go.dev/cl/564196", }, { category: "external", summary: "https://go.dev/issue/65697", url: "https://go.dev/issue/65697", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2024-2610.json", url: "https://vuln.go.dev/ID/GO-2024-2610.json", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: html/template: errors returned from MarshalJSON methods may break template escaping", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268046", }, ], notes: [ { category: "description", text: "A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", title: "Vulnerability description", }, { category: "summary", text: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24786", }, { category: "external", summary: "RHBZ#2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24786", url: "https://www.cve.org/CVERecord?id=CVE-2024-24786", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", }, { category: "external", summary: "https://go.dev/cl/569356", url: "https://go.dev/cl/569356", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", url: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2611", url: "https://pkg.go.dev/vuln/GO-2024-2611", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2024-03-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2269576", }, ], notes: [ { category: "description", text: "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "follow-redirects: Possible credential leak", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28849", }, { category: "external", summary: "RHBZ#2269576", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2269576", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28849", url: "https://www.cve.org/CVERecord?id=CVE-2024-28849", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", }, { category: "external", summary: "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", url: "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", }, ], release_date: "2024-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "follow-redirects: Possible credential leak", }, { cve: "CVE-2024-29041", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2024-06-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2290901", }, ], notes: [ { category: "description", text: "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", title: "Vulnerability description", }, { category: "summary", text: "express: cause malformed URLs to be evaluated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29041", }, { category: "external", summary: "RHBZ#2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29041", url: "https://www.cve.org/CVERecord?id=CVE-2024-29041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", }, { category: "external", summary: "https://expressjs.com/en/4x/api.html#res.location", url: "https://expressjs.com/en/4x/api.html#res.location", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { category: "external", summary: "https://github.com/expressjs/express/pull/5539", url: "https://github.com/expressjs/express/pull/5539", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { category: "external", summary: "https://github.com/koajs/koa/issues/1800", url: "https://github.com/koajs/koa/issues/1800", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "express: cause malformed URLs to be evaluated", }, { cve: "CVE-2024-29180", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270863", }, ], notes: [ { category: "description", text: "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", title: "Vulnerability description", }, { category: "summary", text: "webpack-dev-middleware: lack of URL validation may lead to file leak", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29180", }, { category: "external", summary: "RHBZ#2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29180", url: "https://www.cve.org/CVERecord?id=CVE-2024-29180", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", }, { category: "external", summary: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", url: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", }, ], release_date: "2024-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "webpack-dev-middleware: lack of URL validation may lead to file leak", }, ], }
rhsa-2024:3868
Vulnerability from csaf_redhat
Published
2024-06-17 00:43
Modified
2025-04-10 05:22
Summary
Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift
Notes
Topic
Network Observability 1.6 for Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Network Observability 1.6.0
Security Fix(es):
* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak
* CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
* CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function
* CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
* CVE-2024-28849 follow-redirects: Possible credential leak
* CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
* CVE-2023-45289 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
* CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm
* CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping
* CVE-2024-29041 express: cause malformed URLs to be evaluated [noo-1]
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Network Observability 1.6 for Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Network Observability 1.6.0\n\nSecurity Fix(es):\n\n* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak\n* CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON\n* CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function\n* CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests\n* CVE-2024-28849 follow-redirects: Possible credential leak\n* CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm\n* CVE-2023-45289 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect\n* CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm\n* CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping\n* CVE-2024-29041 express: cause malformed URLs to be evaluated [noo-1]\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3868", url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2253330", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", }, { category: "external", summary: "2265161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2265161", }, { category: "external", summary: "2268017", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", }, { category: "external", summary: "2268018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", }, { category: "external", summary: "2268019", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", }, { category: "external", summary: "2268022", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", }, { category: "external", summary: "2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "2269576", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2269576", }, { category: "external", summary: "2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "NETOBSERV-1279", url: "https://issues.redhat.com/browse/NETOBSERV-1279", }, { category: "external", summary: "NETOBSERV-1408", url: "https://issues.redhat.com/browse/NETOBSERV-1408", }, { category: "external", summary: "NETOBSERV-1424", url: "https://issues.redhat.com/browse/NETOBSERV-1424", }, { category: "external", summary: "NETOBSERV-1453", url: "https://issues.redhat.com/browse/NETOBSERV-1453", }, { category: "external", summary: "NETOBSERV-1459", url: "https://issues.redhat.com/browse/NETOBSERV-1459", }, { category: "external", summary: "NETOBSERV-1462", url: "https://issues.redhat.com/browse/NETOBSERV-1462", }, { category: "external", summary: "NETOBSERV-1544", url: "https://issues.redhat.com/browse/NETOBSERV-1544", }, { category: "external", summary: "NETOBSERV-1598", url: "https://issues.redhat.com/browse/NETOBSERV-1598", }, { category: "external", summary: "NETOBSERV-1606", url: "https://issues.redhat.com/browse/NETOBSERV-1606", }, { category: "external", summary: "NETOBSERV-1607", url: "https://issues.redhat.com/browse/NETOBSERV-1607", }, { category: "external", summary: "NETOBSERV-1621", url: "https://issues.redhat.com/browse/NETOBSERV-1621", }, { category: "external", summary: "NETOBSERV-1630", url: "https://issues.redhat.com/browse/NETOBSERV-1630", }, { category: "external", summary: "NETOBSERV-1647", url: "https://issues.redhat.com/browse/NETOBSERV-1647", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3868.json", }, ], title: "Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift", tracking: { current_release_date: "2025-04-10T05:22:11+00:00", generator: { date: "2025-04-10T05:22:11+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:3868", initial_release_date: "2024-06-17T00:43:37+00:00", revision_history: [ { date: "2024-06-17T00:43:37+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-17T00:43:37+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-10T05:22:11+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "NETOBSERV 1.6 for RHEL 9", product: { name: "NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0", product_identification_helper: { cpe: "cpe:/a:redhat:network_observ_optr:1.6.0::el9", }, }, }, ], category: "product_family", name: "Network Observability", }, { branches: [ { category: "product_version", name: "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", product: { name: "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", product_id: "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", product: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", product_id: "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", product: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", product_id: "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", product: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", product_id: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", product: { name: "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", product_id: "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle&tag=1.6.0-78", }, }, }, { category: "product_version", name: "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", product: { name: "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", product_id: "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator&tag=v1.6.0-66", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", product: { name: "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", product_id: "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", product: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", product_id: "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", product: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", product_id: "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", product: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", product_id: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", product: { name: "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", product_id: "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle&tag=1.6.0-78", }, }, }, { category: "product_version", name: "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", product: { name: "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", product_id: "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator&tag=v1.6.0-66", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", product: { name: "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", product_id: "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", product: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", product_id: "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", product: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", product_id: "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", product: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", product_id: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", product: { name: "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", product_id: "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle&tag=1.6.0-78", }, }, }, { category: "product_version", name: "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", product: { name: "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", product_id: "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator&tag=v1.6.0-66", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", product: { name: "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", product_id: "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", product: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", product_id: "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", product: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", product_id: "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", product: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", product_id: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", product: { name: "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", product_id: "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle&tag=1.6.0-78", }, }, }, { category: "product_version", name: "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", product: { name: "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", product_id: "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator&tag=v1.6.0-66", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", }, product_reference: "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", }, product_reference: "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", }, product_reference: "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", }, product_reference: "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", }, product_reference: "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", }, product_reference: "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", }, product_reference: "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", }, product_reference: "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", }, product_reference: "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", }, product_reference: "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", }, product_reference: "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", }, product_reference: "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", }, product_reference: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", }, product_reference: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", }, product_reference: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", }, product_reference: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", }, product_reference: "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", }, product_reference: "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", }, product_reference: "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", }, product_reference: "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", }, product_reference: "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", }, product_reference: "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", }, product_reference: "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", }, product_reference: "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39326", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-12-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2253330", }, ], notes: [ { category: "description", text: "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39326", }, { category: "external", summary: "RHBZ#2253330", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39326", url: "https://www.cve.org/CVERecord?id=CVE-2023-39326", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2023-2382", url: "https://pkg.go.dev/vuln/GO-2023-2382", }, ], release_date: "2023-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "No mitigation is available for this flaw.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", }, { cve: "CVE-2023-42282", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2265161", }, ], notes: [ { category: "description", text: "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-ip: arbitrary code execution via the isPublic() function", title: "Vulnerability summary", }, { category: "other", text: "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\n\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it's categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-42282", }, { category: "external", summary: "RHBZ#2265161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2265161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-42282", url: "https://www.cve.org/CVERecord?id=CVE-2023-42282", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-42282", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-42282", }, { category: "external", summary: "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", url: "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", }, ], release_date: "2024-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "nodejs-ip: arbitrary code execution via the isPublic() function", }, { cve: "CVE-2023-45289", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2024-03-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268018", }, ], notes: [ { category: "description", text: "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-45289", }, { category: "external", summary: "RHBZ#2268018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-45289", url: "https://www.cve.org/CVERecord?id=CVE-2023-45289", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", }, { cve: "CVE-2023-45290", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268017", }, ], notes: [ { category: "description", text: "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-45290", }, { category: "external", summary: "RHBZ#2268017", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-45290", url: "https://www.cve.org/CVERecord?id=CVE-2023-45290", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/03/08/4", url: "http://www.openwall.com/lists/oss-security/2024/03/08/4", }, { category: "external", summary: "https://go.dev/cl/569341", url: "https://go.dev/cl/569341", }, { category: "external", summary: "https://go.dev/issue/65383", url: "https://go.dev/issue/65383", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2599", url: "https://pkg.go.dev/vuln/GO-2024-2599", }, { category: "external", summary: "https://security.netapp.com/advisory/ntap-20240329-0004", url: "https://security.netapp.com/advisory/ntap-20240329-0004", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", }, { cve: "CVE-2024-24783", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-03-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268019", }, ], notes: [ { category: "description", text: "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24783", }, { category: "external", summary: "RHBZ#2268019", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24783", url: "https://www.cve.org/CVERecord?id=CVE-2024-24783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/03/08/4", url: "http://www.openwall.com/lists/oss-security/2024/03/08/4", }, { category: "external", summary: "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", url: "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", }, { category: "external", summary: "https://go.dev/cl/569339", url: "https://go.dev/cl/569339", }, { category: "external", summary: "https://go.dev/issue/65390", url: "https://go.dev/issue/65390", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2598", url: "https://pkg.go.dev/vuln/GO-2024-2598", }, { category: "external", summary: "https://security.netapp.com/advisory/ntap-20240329-0005", url: "https://security.netapp.com/advisory/ntap-20240329-0005", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", }, { cve: "CVE-2024-24785", cwe: { id: "CWE-74", name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, discovery_date: "2024-03-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268022", }, ], notes: [ { category: "description", text: "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", title: "Vulnerability description", }, { category: "summary", text: "golang: html/template: errors returned from MarshalJSON methods may break template escaping", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24785", }, { category: "external", summary: "RHBZ#2268022", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24785", url: "https://www.cve.org/CVERecord?id=CVE-2024-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", }, { category: "external", summary: "https://go.dev/cl/564196", url: "https://go.dev/cl/564196", }, { category: "external", summary: "https://go.dev/issue/65697", url: "https://go.dev/issue/65697", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2024-2610.json", url: "https://vuln.go.dev/ID/GO-2024-2610.json", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: html/template: errors returned from MarshalJSON methods may break template escaping", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268046", }, ], notes: [ { category: "description", text: "A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", title: "Vulnerability description", }, { category: "summary", text: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24786", }, { category: "external", summary: "RHBZ#2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24786", url: "https://www.cve.org/CVERecord?id=CVE-2024-24786", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", }, { category: "external", summary: "https://go.dev/cl/569356", url: "https://go.dev/cl/569356", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", url: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2611", url: "https://pkg.go.dev/vuln/GO-2024-2611", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2024-03-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2269576", }, ], notes: [ { category: "description", text: "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "follow-redirects: Possible credential leak", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28849", }, { category: "external", summary: "RHBZ#2269576", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2269576", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28849", url: "https://www.cve.org/CVERecord?id=CVE-2024-28849", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", }, { category: "external", summary: "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", url: "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", }, ], release_date: "2024-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "follow-redirects: Possible credential leak", }, { cve: "CVE-2024-29041", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2024-06-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2290901", }, ], notes: [ { category: "description", text: "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", title: "Vulnerability description", }, { category: "summary", text: "express: cause malformed URLs to be evaluated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29041", }, { category: "external", summary: "RHBZ#2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29041", url: "https://www.cve.org/CVERecord?id=CVE-2024-29041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", }, { category: "external", summary: "https://expressjs.com/en/4x/api.html#res.location", url: "https://expressjs.com/en/4x/api.html#res.location", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { category: "external", summary: "https://github.com/expressjs/express/pull/5539", url: "https://github.com/expressjs/express/pull/5539", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { category: "external", summary: "https://github.com/koajs/koa/issues/1800", url: "https://github.com/koajs/koa/issues/1800", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "express: cause malformed URLs to be evaluated", }, { cve: "CVE-2024-29180", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270863", }, ], notes: [ { category: "description", text: "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", title: "Vulnerability description", }, { category: "summary", text: "webpack-dev-middleware: lack of URL validation may lead to file leak", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29180", }, { category: "external", summary: "RHBZ#2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29180", url: "https://www.cve.org/CVERecord?id=CVE-2024-29180", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", }, { category: "external", summary: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", url: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", }, ], release_date: "2024-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "webpack-dev-middleware: lack of URL validation may lead to file leak", }, ], }
rhsa-2024:7164
Vulnerability from csaf_redhat
Published
2024-09-26 03:46
Modified
2025-04-10 00:21
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.4 security and bug fix update
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.8.4 is now available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)
* express: cause malformed URLs to be evaluated (CVE-2024-29041)
* axios: axios: Server-Side Request Forgery (CVE-2024-39338)
* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)
* jose-go: improper handling of highly compressed data (CVE-2024-28180)
* follow-redirects: Possible credential leak (CVE-2024-28849)
* moby: external DNS requests from 'internal' networks could lead to data exfiltration (CVE-2024-29018)
* containers/image: digest type does not guarantee valid type (CVE-2024-3727)
* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)
* braces: fails to limit the number of characters it can handle (CVE-2024-4068)
* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "The Migration Toolkit for Containers (MTC) 1.8.4 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\n* express: cause malformed URLs to be evaluated (CVE-2024-29041)\n\n* axios: axios: Server-Side Request Forgery (CVE-2024-39338)\n\n* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)\n\n* jose-go: improper handling of highly compressed data (CVE-2024-28180)\n\n* follow-redirects: Possible credential leak (CVE-2024-28849)\n\n* moby: external DNS requests from 'internal' networks could lead to data exfiltration (CVE-2024-29018)\n\n* containers/image: digest type does not guarantee valid type (CVE-2024-3727)\n\n* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)\n\n* braces: fails to limit the number of characters it can handle (CVE-2024-4068)\n\n* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7164", url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2268018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", }, { category: "external", summary: "2268273", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", }, { category: "external", summary: "2268854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268854", }, { category: "external", summary: "2269576", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2269576", }, { category: "external", summary: "2270591", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270591", }, { category: "external", summary: "2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "2274767", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", }, { category: "external", summary: "2279814", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", }, { category: "external", summary: "2280600", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280600", }, { category: "external", summary: "2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "2293200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2293200", }, { category: "external", summary: "2295302", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295302", }, { category: "external", summary: "2299624", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2299624", }, { category: "external", summary: "2299625", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2299625", }, { category: "external", summary: "2299628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2299628", }, { category: "external", summary: "2299668", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2299668", }, { category: "external", summary: "MIG-1592", url: "https://issues.redhat.com/browse/MIG-1592", }, { category: "external", summary: "MIG-1593", url: "https://issues.redhat.com/browse/MIG-1593", }, { category: "external", summary: "MIG-1598", url: "https://issues.redhat.com/browse/MIG-1598", }, { category: "external", summary: "MIG-1610", url: "https://issues.redhat.com/browse/MIG-1610", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7164.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.4 security and bug fix update", tracking: { current_release_date: "2025-04-10T00:21:07+00:00", generator: { date: "2025-04-10T00:21:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:7164", initial_release_date: "2024-09-26T03:46:53+00:00", revision_history: [ { date: "2024-09-26T03:46:53+00:00", number: "1", summary: "Initial version", }, { date: "2024-09-26T03:46:53+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-10T00:21:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "8Base-RHMTC-1.8", product: { name: "8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8", product_identification_helper: { cpe: "cpe:/a:redhat:rhmt:1.8::el8", }, }, }, ], category: "product_family", name: "Red Hat Migration Toolkit", }, { branches: [ { category: "product_version", name: "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", product: { name: "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", product_id: "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8&tag=v1.8.4-22", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", product: { name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", product_id: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8&tag=v1.8.4-8", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", product: { name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", product_id: "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8&tag=v1.8.4-10", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", product: { name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", product_id: "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8&tag=v1.8.4-16", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", product: { name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", product_id: "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8&tag=v1.8.4-10", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", product: { name: "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", product_id: "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator&tag=v1.8.4-16", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", product: { name: "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", product_id: "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle&tag=v1.8.4-33", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", product: { name: "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", product_id: "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8&tag=v1.8.4-11", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", product: { name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", product_id: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8&tag=v1.8.4-9", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", product: { name: "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", product_id: "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8&tag=v1.8.4-10", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", product: { name: "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", product_id: "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8&tag=v1.8.4-9", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", }, product_reference: "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", }, product_reference: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", }, product_reference: "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", }, product_reference: "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", }, product_reference: "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", }, product_reference: "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", }, product_reference: "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", }, product_reference: "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", }, product_reference: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", }, product_reference: "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", }, product_reference: "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, ], }, vulnerabilities: [ { cve: "CVE-2019-25211", cwe: { id: "CWE-346", name: "Origin Validation Error", }, discovery_date: "2024-07-02T21:00:45+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295302", }, ], notes: [ { category: "description", text: "parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.", title: "Vulnerability description", }, { category: "summary", text: "github.com/gin-contrib/cors: Gin mishandles a wildcard in the origin string in github.com/gin-contrib/cors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-25211", }, { category: "external", summary: "RHBZ#2295302", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295302", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-25211", url: "https://www.cve.org/CVERecord?id=CVE-2019-25211", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-25211", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-25211", }, { category: "external", summary: "https://github.com/advisories/GHSA-869c-j7wc-8jqv", url: "https://github.com/advisories/GHSA-869c-j7wc-8jqv", }, { category: "external", summary: "https://github.com/gin-contrib/cors/commit/27b723a473efd80d5a498fa9f5933c80204c850d", url: "https://github.com/gin-contrib/cors/commit/27b723a473efd80d5a498fa9f5933c80204c850d", }, { category: "external", summary: "https://github.com/gin-contrib/cors/compare/v1.5.0...v1.6.0", url: "https://github.com/gin-contrib/cors/compare/v1.5.0...v1.6.0", }, { category: "external", summary: "https://github.com/gin-contrib/cors/pull/106", url: "https://github.com/gin-contrib/cors/pull/106", }, { category: "external", summary: "https://github.com/gin-contrib/cors/pull/57", url: "https://github.com/gin-contrib/cors/pull/57", }, { category: "external", summary: "https://github.com/gin-contrib/cors/releases/tag/v1.6.0", url: "https://github.com/gin-contrib/cors/releases/tag/v1.6.0", }, ], release_date: "2024-07-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "github.com/gin-contrib/cors: Gin mishandles a wildcard in the origin string in github.com/gin-contrib/cors", }, { acknowledgments: [ { names: [ "Bartek Nowotarski", ], organization: "nowotarski.info", }, ], cve: "CVE-2023-45288", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-03-06T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268273", }, ], notes: [ { category: "description", text: "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the “Affected Packages and Issued Red Hat Security Errata” section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-45288", }, { category: "external", summary: "RHBZ#2268273", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-45288", url: "https://www.cve.org/CVERecord?id=CVE-2023-45288", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", }, { category: "external", summary: "https://nowotarski.info/http2-continuation-flood/", url: "https://nowotarski.info/http2-continuation-flood/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2687", url: "https://pkg.go.dev/vuln/GO-2024-2687", }, { category: "external", summary: "https://www.kb.cert.org/vuls/id/421644", url: "https://www.kb.cert.org/vuls/id/421644", }, ], release_date: "2024-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", }, { cve: "CVE-2023-45289", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2024-03-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268018", }, ], notes: [ { category: "description", text: "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-45289", }, { category: "external", summary: "RHBZ#2268018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-45289", url: "https://www.cve.org/CVERecord?id=CVE-2023-45289", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", }, { cve: "CVE-2024-3727", cwe: { id: "CWE-354", name: "Improper Validation of Integrity Check Value", }, discovery_date: "2024-04-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2274767", }, ], notes: [ { category: "description", text: "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.", title: "Vulnerability description", }, { category: "summary", text: "containers/image: digest type does not guarantee valid type", title: "Vulnerability summary", }, { category: "other", text: "Some conditions are necessary for this attack to occur, such as the attacker being able to upload malicious images to the registry and persuade a victim to pull them. Hence, the severity of this flaw was rated as Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-3727", }, { category: "external", summary: "RHBZ#2274767", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-3727", url: "https://www.cve.org/CVERecord?id=CVE-2024-3727", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-3727", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-3727", }, ], release_date: "2024-05-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "containers/image: digest type does not guarantee valid type", }, { cve: "CVE-2024-4068", cwe: { id: "CWE-1050", name: "Excessive Platform Resource Consumption within a Loop", }, discovery_date: "2024-05-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2280600", }, ], notes: [ { category: "description", text: "A flaw was found in the NPM package `braces.` It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, causing the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.", title: "Vulnerability description", }, { category: "summary", text: "braces: fails to limit the number of characters it can handle", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-4068", }, { category: "external", summary: "RHBZ#2280600", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280600", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-4068", url: "https://www.cve.org/CVERecord?id=CVE-2024-4068", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", }, { category: "external", summary: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", }, { category: "external", summary: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", url: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", }, { category: "external", summary: "https://github.com/micromatch/braces/issues/35", url: "https://github.com/micromatch/braces/issues/35", }, ], release_date: "2024-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "braces: fails to limit the number of characters it can handle", }, { cve: "CVE-2024-24788", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-05-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2279814", }, ], notes: [ { category: "description", text: "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", title: "Vulnerability description", }, { category: "summary", text: "golang: net: malformed DNS message can cause infinite loop", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24788", }, { category: "external", summary: "RHBZ#2279814", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24788", url: "https://www.cve.org/CVERecord?id=CVE-2024-24788", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24788", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24788", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2824", url: "https://pkg.go.dev/vuln/GO-2024-2824", }, ], release_date: "2024-05-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net: malformed DNS message can cause infinite loop", }, { cve: "CVE-2024-28180", cwe: { id: "CWE-409", name: "Improper Handling of Highly Compressed Data (Data Amplification)", }, discovery_date: "2024-03-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268854", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.", title: "Vulnerability description", }, { category: "summary", text: "jose-go: improper handling of highly compressed data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28180", }, { category: "external", summary: "RHBZ#2268854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268854", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28180", url: "https://www.cve.org/CVERecord?id=CVE-2024-28180", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28180", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28180", }, { category: "external", summary: "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g", url: "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g", }, ], release_date: "2024-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jose-go: improper handling of highly compressed data", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2024-03-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2269576", }, ], notes: [ { category: "description", text: "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "follow-redirects: Possible credential leak", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28849", }, { category: "external", summary: "RHBZ#2269576", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2269576", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28849", url: "https://www.cve.org/CVERecord?id=CVE-2024-28849", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", }, { category: "external", summary: "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", url: "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", }, ], release_date: "2024-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "follow-redirects: Possible credential leak", }, { cve: "CVE-2024-28863", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-06-20T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2293200", }, ], notes: [ { category: "description", text: "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", title: "Vulnerability description", }, { category: "summary", text: "node-tar: denial of service while parsing a tar file due to lack of folders depth validation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28863", }, { category: "external", summary: "RHBZ#2293200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2293200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28863", url: "https://www.cve.org/CVERecord?id=CVE-2024-28863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28863", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28863", }, { category: "external", summary: "https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36", url: "https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36", }, { category: "external", summary: "https://security.netapp.com/advisory/ntap-20240524-0005/", url: "https://security.netapp.com/advisory/ntap-20240524-0005/", }, ], release_date: "2024-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "node-tar: denial of service while parsing a tar file due to lack of folders depth validation", }, { cve: "CVE-2024-29018", cwe: { id: "CWE-669", name: "Incorrect Resource Transfer Between Spheres", }, discovery_date: "2024-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270591", }, ], notes: [ { category: "description", text: "A vulnerability was found in Moby due to excessive data output in external DNS requests from \"internal\" networks, enabling unauthorized access to sensitive system information by remote attackers. This flaw allows attackers to gain access to sensitive information by exploiting incorrect resource transfer between spheres through specially crafted requests.", title: "Vulnerability description", }, { category: "summary", text: "moby: external DNS requests from 'internal' networks could lead to data exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29018", }, { category: "external", summary: "RHBZ#2270591", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270591", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29018", url: "https://www.cve.org/CVERecord?id=CVE-2024-29018", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29018", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29018", }, { category: "external", summary: "https://github.com/moby/moby/pull/46609", url: "https://github.com/moby/moby/pull/46609", }, { category: "external", summary: "https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx", url: "https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx", }, ], release_date: "2024-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "moby: external DNS requests from 'internal' networks could lead to data exfiltration", }, { cve: "CVE-2024-29041", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2024-06-07T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2290901", }, ], notes: [ { category: "description", text: "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", title: "Vulnerability description", }, { category: "summary", text: "express: cause malformed URLs to be evaluated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29041", }, { category: "external", summary: "RHBZ#2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29041", url: "https://www.cve.org/CVERecord?id=CVE-2024-29041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", }, { category: "external", summary: "https://expressjs.com/en/4x/api.html#res.location", url: "https://expressjs.com/en/4x/api.html#res.location", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { category: "external", summary: "https://github.com/expressjs/express/pull/5539", url: "https://github.com/expressjs/express/pull/5539", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { category: "external", summary: "https://github.com/koajs/koa/issues/1800", url: "https://github.com/koajs/koa/issues/1800", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "express: cause malformed URLs to be evaluated", }, { cve: "CVE-2024-29180", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270863", }, ], notes: [ { category: "description", text: "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", title: "Vulnerability description", }, { category: "summary", text: "webpack-dev-middleware: lack of URL validation may lead to file leak", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29180", }, { category: "external", summary: "RHBZ#2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29180", url: "https://www.cve.org/CVERecord?id=CVE-2024-29180", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", }, { category: "external", summary: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", url: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", }, ], release_date: "2024-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "webpack-dev-middleware: lack of URL validation may lead to file leak", }, { cve: "CVE-2024-39338", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-08-13T17:21:32.774718+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2304369", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "axios: axios: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-39338", }, { category: "external", summary: "RHBZ#2304369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2304369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-39338", url: "https://www.cve.org/CVERecord?id=CVE-2024-39338", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", }, { category: "external", summary: "https://github.com/axios/axios/releases", url: "https://github.com/axios/axios/releases", }, { category: "external", summary: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", url: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", }, ], release_date: "2024-08-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "axios: axios: Server-Side Request Forgery", }, ], }
rhsa-2024:7624
Vulnerability from csaf_redhat
Published
2024-10-03 11:22
Modified
2025-04-08 19:30
Summary
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.11 security and bug fix update
Notes
Topic
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.14.11 on Red Hat Enterprise Linux 9 from Red Hat Container Registry.
Details
Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.
Enhancement:
While creating object bucket claim (OBC), the `NSFSAccontConfig` attribute provided by the users is supported. (BZ#2271780)
All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.14.11 on Red Hat Enterprise Linux 9 from Red Hat Container Registry.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.\n\nEnhancement: \n\nWhile creating object bucket claim (OBC), the `NSFSAccontConfig` attribute provided by the users is supported. (BZ#2271780)\n\nAll users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7624", url: "https://access.redhat.com/errata/RHSA-2024:7624", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2276934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2276934", }, { category: "external", summary: "2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "2294000", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2294000", }, { category: "external", summary: "2300499", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2300499", }, { category: "external", summary: "2314151", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314151", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7624.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.11 security and bug fix update", tracking: { current_release_date: "2025-04-08T19:30:33+00:00", generator: { date: "2025-04-08T19:30:33+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:7624", initial_release_date: "2024-10-03T11:22:37+00:00", revision_history: [ { date: "2024-10-03T11:22:37+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-03T11:22:37+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-08T19:30:33+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHODF 4.14 for RHEL 9", product: { name: "RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_data_foundation:4.14::el9", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Data Foundation", }, { branches: [ { category: "product_version", name: "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", product: { name: "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", product_id: "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", product_identification_helper: { purl: "pkg:oci/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256?arch=amd64&repository_url=registry.redhat.io/odf4/cephcsi-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", product: { name: "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", product_id: "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", product_identification_helper: { purl: "pkg:oci/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38?arch=amd64&repository_url=registry.redhat.io/odf4/mcg-cli-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", product: { name: "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", product_id: "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", product_identification_helper: { purl: "pkg:oci/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71?arch=amd64&repository_url=registry.redhat.io/odf4/mcg-core-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", product: { name: "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", product_id: "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", product_identification_helper: { purl: "pkg:oci/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff?arch=amd64&repository_url=registry.redhat.io/odf4/mcg-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", product: { name: "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", product_id: "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", product_identification_helper: { purl: "pkg:oci/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d?arch=amd64&repository_url=registry.redhat.io/odf4/mcg-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", product: { name: "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", product_id: "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", product_identification_helper: { purl: "pkg:oci/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-client-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", product: { name: "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", product_id: "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", product_identification_helper: { purl: "pkg:oci/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", product: { name: "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", product_id: "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", product_identification_helper: { purl: "pkg:oci/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", product: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", product_id: "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", product_identification_helper: { purl: "pkg:oci/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", product: { name: "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", product_id: "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", product_identification_helper: { purl: "pkg:oci/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", product: { name: "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", product_id: "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", product_identification_helper: { purl: "pkg:oci/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", product: { name: "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", product_id: "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", product_identification_helper: { purl: "pkg:oci/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c?arch=amd64&repository_url=registry.redhat.io/odf4/odf-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", product: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", product_id: "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", product_identification_helper: { purl: "pkg:oci/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00?arch=amd64&repository_url=registry.redhat.io/odf4/odf-cosi-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", product: { name: "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", product_id: "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205?arch=amd64&repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", product: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", product_id: "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c?arch=amd64&repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", product: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", product_id: "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872?arch=amd64&repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", product: { name: "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", product_id: "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", product_identification_helper: { purl: "pkg:oci/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058?arch=amd64&repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", product: { name: "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", product_id: "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", product_identification_helper: { purl: "pkg:oci/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b?arch=amd64&repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", product: { name: "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", product_id: "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446?arch=amd64&repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", product: { name: "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", product_id: "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", product_identification_helper: { purl: "pkg:oci/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274?arch=amd64&repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", product: { name: "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", product_id: "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", product_identification_helper: { purl: "pkg:oci/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d?arch=amd64&repository_url=registry.redhat.io/odf4/odf-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", product: { name: "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", product_id: "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", product_identification_helper: { purl: "pkg:oci/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018?arch=amd64&repository_url=registry.redhat.io/odf4/odf-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", product: { name: "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", product_id: "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", product_identification_helper: { purl: "pkg:oci/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022?arch=amd64&repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", product: { name: "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", product_id: "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", product_identification_helper: { purl: "pkg:oci/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef?arch=amd64&repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", product: { name: "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", product_id: "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", product_identification_helper: { purl: "pkg:oci/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598?arch=amd64&repository_url=registry.redhat.io/odf4/odr-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", product: { name: "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", product_id: "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", product_identification_helper: { purl: "pkg:oci/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88?arch=amd64&repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator&tag=v4.14.11-2", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", product: { name: "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", product_id: "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", product_identification_helper: { purl: "pkg:oci/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b?arch=s390x&repository_url=registry.redhat.io/odf4/cephcsi-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", product: { name: "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", product_id: "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", product_identification_helper: { purl: "pkg:oci/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2?arch=s390x&repository_url=registry.redhat.io/odf4/mcg-cli-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", product: { name: "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", product_id: "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", product_identification_helper: { purl: "pkg:oci/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b?arch=s390x&repository_url=registry.redhat.io/odf4/mcg-core-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", product: { name: "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", product_id: "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", product_identification_helper: { purl: "pkg:oci/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7?arch=s390x&repository_url=registry.redhat.io/odf4/mcg-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", product: { name: "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", product_id: "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", product_identification_helper: { purl: "pkg:oci/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64?arch=s390x&repository_url=registry.redhat.io/odf4/mcg-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", product: { name: "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", product_id: "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", product_identification_helper: { purl: "pkg:oci/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-client-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", product: { name: "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", product_id: "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", product_identification_helper: { purl: "pkg:oci/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", product: { name: "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", product_id: "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", product_identification_helper: { purl: "pkg:oci/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", product: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", product_id: "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", product_identification_helper: { purl: "pkg:oci/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", product: { name: "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", product_id: "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", product_identification_helper: { purl: "pkg:oci/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", product: { name: "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", product_id: "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", product_identification_helper: { purl: "pkg:oci/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", product: { name: "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", product_id: "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", product_identification_helper: { purl: "pkg:oci/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7?arch=s390x&repository_url=registry.redhat.io/odf4/odf-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", product: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", product_id: "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", product_identification_helper: { purl: "pkg:oci/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6?arch=s390x&repository_url=registry.redhat.io/odf4/odf-cosi-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", product: { name: "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", product_id: "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79?arch=s390x&repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", product: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", product_id: "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c?arch=s390x&repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", product: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", product_id: "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb?arch=s390x&repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", product: { name: "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", product_id: "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", product_identification_helper: { purl: "pkg:oci/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f?arch=s390x&repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", product: { name: "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", product_id: "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", product_identification_helper: { purl: "pkg:oci/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f?arch=s390x&repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", product: { name: "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", product_id: "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb?arch=s390x&repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", product: { name: "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", product_id: "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", product_identification_helper: { purl: "pkg:oci/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8?arch=s390x&repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", product: { name: "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", product_id: "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", product_identification_helper: { purl: "pkg:oci/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01?arch=s390x&repository_url=registry.redhat.io/odf4/odf-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", product: { name: "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", product_id: "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", product_identification_helper: { purl: "pkg:oci/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76?arch=s390x&repository_url=registry.redhat.io/odf4/odf-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", product: { name: "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", product_id: "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", product_identification_helper: { purl: "pkg:oci/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f?arch=s390x&repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", product: { name: "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", product_id: "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", product_identification_helper: { purl: "pkg:oci/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316?arch=s390x&repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", product: { name: "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", product_id: "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", product_identification_helper: { purl: "pkg:oci/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374?arch=s390x&repository_url=registry.redhat.io/odf4/odr-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", product: { name: "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", product_id: "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", product_identification_helper: { purl: "pkg:oci/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088?arch=s390x&repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator&tag=v4.14.11-2", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", product: { name: "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", product_id: "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", product_identification_helper: { purl: "pkg:oci/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b?arch=ppc64le&repository_url=registry.redhat.io/odf4/cephcsi-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", product: { name: "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", product_id: "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", product_identification_helper: { purl: "pkg:oci/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b?arch=ppc64le&repository_url=registry.redhat.io/odf4/mcg-cli-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", product: { name: "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", product_id: "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", product_identification_helper: { purl: "pkg:oci/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7?arch=ppc64le&repository_url=registry.redhat.io/odf4/mcg-core-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", product: { name: "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", product_id: "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", product_identification_helper: { purl: "pkg:oci/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349?arch=ppc64le&repository_url=registry.redhat.io/odf4/mcg-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", product: { name: "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", product_id: "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", product_identification_helper: { purl: "pkg:oci/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd?arch=ppc64le&repository_url=registry.redhat.io/odf4/mcg-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", product: { name: "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", product_id: "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-client-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", product: { name: "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", product_id: "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", product: { name: "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", product_id: "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", product: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", product_id: "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", product: { name: "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", product_id: "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", product: { name: "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", product_id: "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", product: { name: "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", product_id: "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", product: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", product_id: "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-cosi-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", product: { name: "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", product_id: "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", product: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", product_id: "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", product: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", product_id: "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", product: { name: "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", product_id: "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", product: { name: "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", product_id: "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", product: { name: "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", product_id: "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", product: { name: "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", product_id: "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", product: { name: "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", product_id: "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", product: { name: "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", product_id: "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", product: { name: "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", product_id: "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", product_identification_helper: { purl: "pkg:oci/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3?arch=ppc64le&repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", product: { name: "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", product_id: "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", product_identification_helper: { purl: "pkg:oci/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c?arch=ppc64le&repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", product: { name: "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", product_id: "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", product_identification_helper: { purl: "pkg:oci/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf?arch=ppc64le&repository_url=registry.redhat.io/odf4/odr-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", product: { name: "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", product_id: "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", product_identification_helper: { purl: "pkg:oci/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86?arch=ppc64le&repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator&tag=v4.14.11-2", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", product: { name: "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", product_id: "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", product_identification_helper: { purl: "pkg:oci/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f?arch=arm64&repository_url=registry.redhat.io/odf4/mcg-cli-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", product: { name: "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", product_id: "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", product_identification_helper: { purl: "pkg:oci/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0?arch=arm64&repository_url=registry.redhat.io/odf4/mcg-core-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", product: { name: "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", product_id: "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", product_identification_helper: { purl: "pkg:oci/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d?arch=arm64&repository_url=registry.redhat.io/odf4/mcg-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", product: { name: "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", product_id: "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", product_identification_helper: { purl: "pkg:oci/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140?arch=arm64&repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", product: { name: "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", product_id: "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", product_identification_helper: { purl: "pkg:oci/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1?arch=arm64&repository_url=registry.redhat.io/odf4/ocs-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", product: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", product_id: "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d?arch=arm64&repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", product: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", product_id: "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461?arch=arm64&repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", product: { name: "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", product_id: "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36?arch=arm64&repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", product: { name: "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", product_id: "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", product_identification_helper: { purl: "pkg:oci/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f?arch=arm64&repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", product: { name: "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", product_id: "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", product_identification_helper: { purl: "pkg:oci/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8?arch=arm64&repository_url=registry.redhat.io/odf4/odf-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", product: { name: "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", product_id: "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", product_identification_helper: { purl: "pkg:oci/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed?arch=arm64&repository_url=registry.redhat.io/odf4/odr-rhel9-operator&tag=v4.14.11-1", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", }, product_reference: "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", }, product_reference: "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", }, product_reference: "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", }, product_reference: "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", }, product_reference: "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", }, product_reference: "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", }, product_reference: "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", }, product_reference: "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", }, product_reference: "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", }, product_reference: "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", }, product_reference: "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", }, product_reference: "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", }, product_reference: "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", }, product_reference: "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", }, product_reference: "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", }, product_reference: "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", }, product_reference: "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", }, product_reference: "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", }, product_reference: "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", }, product_reference: "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", }, product_reference: "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", }, product_reference: "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", }, product_reference: "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", }, product_reference: "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", }, product_reference: "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", }, product_reference: "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", }, product_reference: "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", }, product_reference: "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", }, product_reference: "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", }, product_reference: "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", }, product_reference: "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", }, product_reference: "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", }, product_reference: "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", }, product_reference: "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", }, product_reference: "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", }, product_reference: "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", }, product_reference: "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", }, product_reference: "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", }, product_reference: "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", }, product_reference: "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", }, product_reference: "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", }, product_reference: "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", }, product_reference: "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", }, product_reference: "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", }, product_reference: "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", }, product_reference: "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", }, product_reference: "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", }, product_reference: "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", }, product_reference: "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", }, product_reference: "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", }, product_reference: "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", }, product_reference: "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", }, product_reference: "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", }, product_reference: "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", }, product_reference: "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", }, product_reference: "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", }, product_reference: "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", }, product_reference: "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", }, product_reference: "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", }, product_reference: "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", }, product_reference: "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", }, product_reference: "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", }, product_reference: "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", }, product_reference: "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", }, product_reference: "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", }, product_reference: "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", }, product_reference: "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", }, product_reference: "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", }, product_reference: "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", }, product_reference: "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", }, product_reference: "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", }, product_reference: "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", }, product_reference: "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", }, product_reference: "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", }, product_reference: "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", }, product_reference: "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", }, product_reference: "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", }, product_reference: "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", }, product_reference: "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", }, product_reference: "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", }, product_reference: "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", }, product_reference: "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", }, product_reference: "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", }, product_reference: "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", }, product_reference: "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", }, product_reference: "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", }, product_reference: "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", }, product_reference: "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", }, product_reference: "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, ], }, vulnerabilities: [ { cve: "CVE-2024-6104", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2024-06-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2294000", }, ], notes: [ { category: "description", text: "A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.", title: "Vulnerability description", }, { category: "summary", text: "go-retryablehttp: url might write sensitive information to log file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", ], known_not_affected: [ "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-6104", }, { category: "external", summary: "RHBZ#2294000", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2294000", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-6104", url: "https://www.cve.org/CVERecord?id=CVE-2024-6104", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-6104", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-6104", }, ], release_date: "2024-06-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-03T11:22:37+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7624", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "go-retryablehttp: url might write sensitive information to log file", }, { cve: "CVE-2024-29041", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2024-06-07T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2290901", }, ], notes: [ { category: "description", text: "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", title: "Vulnerability description", }, { category: "summary", text: "express: cause malformed URLs to be evaluated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", ], known_not_affected: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29041", }, { category: "external", summary: "RHBZ#2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29041", url: "https://www.cve.org/CVERecord?id=CVE-2024-29041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", }, { category: "external", summary: "https://expressjs.com/en/4x/api.html#res.location", url: "https://expressjs.com/en/4x/api.html#res.location", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { category: "external", summary: "https://github.com/expressjs/express/pull/5539", url: "https://github.com/expressjs/express/pull/5539", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { category: "external", summary: "https://github.com/koajs/koa/issues/1800", url: "https://github.com/koajs/koa/issues/1800", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-03T11:22:37+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7624", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "express: cause malformed URLs to be evaluated", }, { cve: "CVE-2024-41818", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-07-29T16:24:42+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2300499", }, ], notes: [ { category: "description", text: "A regular expression denial of service (ReDoS) flaw was found in fast-xml-parser in the currency.js script. By sending a specially crafted regex input, a remote attacker could cause a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "fast-xml-parser: ReDOS at currency parsing in currency.js", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has decided to rate this vulnerability as Important due to the potential loss of Availability and the low complexity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", ], known_not_affected: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-41818", }, { category: "external", summary: "RHBZ#2300499", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2300499", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-41818", url: "https://www.cve.org/CVERecord?id=CVE-2024-41818", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-41818", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-41818", }, { category: "external", summary: "https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10", url: "https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10", }, { category: "external", summary: "https://github.com/NaturalIntelligence/fast-xml-parser/commit/d0bfe8a3a2813a185f39591bbef222212d856164", url: "https://github.com/NaturalIntelligence/fast-xml-parser/commit/d0bfe8a3a2813a185f39591bbef222212d856164", }, { category: "external", summary: "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v", url: "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v", }, ], release_date: "2024-07-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-03T11:22:37+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7624", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "fast-xml-parser: ReDOS at currency parsing in currency.js", }, ], }
rhsa-2024:6211
Vulnerability from csaf_redhat
Published
2024-09-03 10:05
Modified
2025-04-10 00:20
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.1 security update
Notes
Topic
Red Hat OpenShift Service Mesh Containers for 2.6.1
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* axios: Server-Side Request Forgery (CVE-2024-39338)
* express: cause malformed URLs to be evaluated (CVE-2024-29041)
* micromatch: vulnerable to Regular Expression Denial of Service (CVE-2024-4067)
* braces: fails to limit the number of characters it can handle (CVE-2024-4068)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Service Mesh Containers for 2.6.1\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n* axios: Server-Side Request Forgery (CVE-2024-39338)\n* express: cause malformed URLs to be evaluated (CVE-2024-29041)\n* micromatch: vulnerable to Regular Expression Denial of Service (CVE-2024-4067)\n* braces: fails to limit the number of characters it can handle (CVE-2024-4068)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:6211", url: "https://access.redhat.com/errata/RHSA-2024:6211", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "OSSM-6857", url: "https://issues.redhat.com/browse/OSSM-6857", }, { category: "external", summary: "OSSM-8006", url: "https://issues.redhat.com/browse/OSSM-8006", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6211.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.1 security update", tracking: { current_release_date: "2025-04-10T00:20:52+00:00", generator: { date: "2025-04-10T00:20:52+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:6211", initial_release_date: "2024-09-03T10:05:20+00:00", revision_history: [ { date: "2024-09-03T10:05:20+00:00", number: "1", summary: "Initial version", }, { date: "2024-09-03T10:05:20+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-10T00:20:52+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHOSSM 2.6 for RHEL 8", product: { name: "RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.6::el8", }, }, }, { category: "product_name", name: "RHOSSM 2.6 for RHEL 9", product: { name: "RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.6::el9", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Service Mesh", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.89.0-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.1-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.89.1-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.1-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.1-9", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.1-6", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.89.0-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", product_id: "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.1-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.89.1-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.1-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.1-9", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", product_id: "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.1-6", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.89.0-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", product_id: "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.1-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", product_id: "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.89.1-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.1-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.1-9", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", product_id: "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.1-6", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.89.0-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.1-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.89.1-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.1-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.1-9", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.1-6", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64 as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64 as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", relates_to_product_reference: "9Base-RHOSSM-2.6", }, ], }, vulnerabilities: [ { cve: "CVE-2024-4067", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2280601", }, ], notes: [ { category: "description", text: "A flaw was found in the NPM package `micromatch` where it is vulnerable to a regular expression denial of service (ReDoS). The issue occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will readily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.", title: "Vulnerability description", }, { category: "summary", text: "micromatch: vulnerable to Regular Expression Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-4067", }, { category: "external", summary: "RHBZ#2280601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-4067", url: "https://www.cve.org/CVERecord?id=CVE-2024-4067", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-4067", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-4067", }, { category: "external", summary: "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/", url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/", }, { category: "external", summary: "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448", url: "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448", }, { category: "external", summary: "https://github.com/micromatch/micromatch/issues/243", url: "https://github.com/micromatch/micromatch/issues/243", }, { category: "external", summary: "https://github.com/micromatch/micromatch/pull/247", url: "https://github.com/micromatch/micromatch/pull/247", }, ], release_date: "2023-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-03T10:05:20+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6211", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "micromatch: vulnerable to Regular Expression Denial of Service", }, { cve: "CVE-2024-4068", cwe: { id: "CWE-1050", name: "Excessive Platform Resource Consumption within a Loop", }, discovery_date: "2024-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2280600", }, ], notes: [ { category: "description", text: "A flaw was found in the NPM package `braces.` It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, causing the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.", title: "Vulnerability description", }, { category: "summary", text: "braces: fails to limit the number of characters it can handle", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-4068", }, { category: "external", summary: "RHBZ#2280600", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280600", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-4068", url: "https://www.cve.org/CVERecord?id=CVE-2024-4068", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", }, { category: "external", summary: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", }, { category: "external", summary: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", url: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", }, { category: "external", summary: "https://github.com/micromatch/braces/issues/35", url: "https://github.com/micromatch/braces/issues/35", }, ], release_date: "2024-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-03T10:05:20+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6211", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "braces: fails to limit the number of characters it can handle", }, { cve: "CVE-2024-29041", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2024-06-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2290901", }, ], notes: [ { category: "description", text: "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", title: "Vulnerability description", }, { category: "summary", text: "express: cause malformed URLs to be evaluated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29041", }, { category: "external", summary: "RHBZ#2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29041", url: "https://www.cve.org/CVERecord?id=CVE-2024-29041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", }, { category: "external", summary: "https://expressjs.com/en/4x/api.html#res.location", url: "https://expressjs.com/en/4x/api.html#res.location", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { category: "external", summary: "https://github.com/expressjs/express/pull/5539", url: "https://github.com/expressjs/express/pull/5539", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { category: "external", summary: "https://github.com/koajs/koa/issues/1800", url: "https://github.com/koajs/koa/issues/1800", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-03T10:05:20+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6211", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "express: cause malformed URLs to be evaluated", }, { cve: "CVE-2024-39338", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-08-13T17:21:32.774718+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2304369", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "axios: axios: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-39338", }, { category: "external", summary: "RHBZ#2304369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2304369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-39338", url: "https://www.cve.org/CVERecord?id=CVE-2024-39338", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", }, { category: "external", summary: "https://github.com/axios/axios/releases", url: "https://github.com/axios/axios/releases", }, { category: "external", summary: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", url: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", }, ], release_date: "2024-08-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-03T10:05:20+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6211", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "axios: axios: Server-Side Request Forgery", }, ], }
rhsa-2024_4873
Vulnerability from csaf_redhat
Published
2024-07-25 15:04
Modified
2024-12-18 04:36
Summary
Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.1 GA ]
Notes
Topic
An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat build of Apicurio Registry 2.6.1 GA includes the following security fixes.
Security Fix(es):
* webpack-dev-middleware: lack of URL validation may lead to file leak [rhint-serv-2] (CVE-2024-29180)
* express: cause malformed URLs to be evaluated [rhint-serv-2](CVE-2024-29041)
* jetty: stop accepting new connections from valid clients [rhint-serv-2] (CVE-2024-22201)
* jose4j: denial of service via specially crafted JWE [rhint-serv-2] (CVE-2023-51775)
* quarkus-core: Leak of local configuration properties into Quarkus applications [rhint-serv-2] (CVE-2024-2700)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat build of Apicurio Registry 2.6.1 GA includes the following security fixes.\n\nSecurity Fix(es):\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak [rhint-serv-2] (CVE-2024-29180)\n\n* express: cause malformed URLs to be evaluated [rhint-serv-2](CVE-2024-29041)\n\n* jetty: stop accepting new connections from valid clients [rhint-serv-2] (CVE-2024-22201)\n\n* jose4j: denial of service via specially crafted JWE [rhint-serv-2] (CVE-2023-51775)\n\n* quarkus-core: Leak of local configuration properties into Quarkus applications [rhint-serv-2] (CVE-2024-2700)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4873", url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "2266921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266921", }, { category: "external", summary: "2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "2273281", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273281", }, { category: "external", summary: "2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4873.json", }, ], title: "Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.1 GA ]", tracking: { current_release_date: "2024-12-18T04:36:56+00:00", generator: { date: "2024-12-18T04:36:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2024:4873", initial_release_date: "2024-07-25T15:04:49+00:00", revision_history: [ { date: "2024-07-25T15:04:49+00:00", number: "1", summary: "Initial version", }, { date: "2024-07-25T15:04:49+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-18T04:36:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apicurio Registry 2.6.1 GA", product: { name: "Red Hat build of Apicurio Registry 2.6.1 GA", product_id: "Red Hat build of Apicurio Registry 2.6.1 GA", product_identification_helper: { cpe: "cpe:/a:redhat:apicurio_registry:2.6", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266921", }, ], notes: [ { category: "description", text: "A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource-intensive. However, if an attacker sets the p2c parameter in JWE to a large number, it can cause high computational consumption, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jose4j: denial of service via specially crafted JWE", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in the jose4j library, where the \"p2c\" parameter in PBKDF2-based JWE key management algorithms can be manipulated to induce high computational consumption, is classified as moderate severity due to its potential impact on service availability and resource exhaustion. By setting a large value for \"p2c\", an attacker can force the server to perform an excessive number of PBKDF2 iterations during key derivation. This results in increased CPU and memory usage, potentially leading to degraded performance or temporary denial of service.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-51775", }, { category: "external", summary: "RHBZ#2266921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266921", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-51775", url: "https://www.cve.org/CVERecord?id=CVE-2023-51775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", }, ], release_date: "2024-02-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-25T15:04:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jose4j: denial of service via specially crafted JWE", }, { cve: "CVE-2024-2700", cwe: { id: "CWE-526", name: "Cleartext Storage of Sensitive Information in an Environment Variable", }, discovery_date: "2024-04-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2273281", }, ], notes: [ { category: "description", text: "A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.", title: "Vulnerability description", }, { category: "summary", text: "quarkus-core: Leak of local configuration properties into Quarkus applications", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this as a Moderate impact vulnerability since this requires an attacker to have direct access to the environment variables to override, and the application must use that environment variable to be jeopardized.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-2700", }, { category: "external", summary: "RHBZ#2273281", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273281", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-2700", url: "https://www.cve.org/CVERecord?id=CVE-2024-2700", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-2700", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-2700", }, ], release_date: "2024-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-25T15:04:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "workaround", details: "Currently, no mitigation is available for this vulnerability. Please update as the patches become available.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "quarkus-core: Leak of local configuration properties into Quarkus applications", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266136", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", title: "Vulnerability description", }, { category: "summary", text: "jetty: stop accepting new connections from valid clients", title: "Vulnerability summary", }, { category: "other", text: "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22201", }, { category: "external", summary: "RHBZ#2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22201", url: "https://www.cve.org/CVERecord?id=CVE-2024-22201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/11256", url: "https://github.com/jetty/jetty.project/issues/11256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", }, ], release_date: "2024-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-25T15:04:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jetty: stop accepting new connections from valid clients", }, { cve: "CVE-2024-29041", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2024-06-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2290901", }, ], notes: [ { category: "description", text: "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", title: "Vulnerability description", }, { category: "summary", text: "express: cause malformed URLs to be evaluated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29041", }, { category: "external", summary: "RHBZ#2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29041", url: "https://www.cve.org/CVERecord?id=CVE-2024-29041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", }, { category: "external", summary: "https://expressjs.com/en/4x/api.html#res.location", url: "https://expressjs.com/en/4x/api.html#res.location", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { category: "external", summary: "https://github.com/expressjs/express/pull/5539", url: "https://github.com/expressjs/express/pull/5539", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { category: "external", summary: "https://github.com/koajs/koa/issues/1800", url: "https://github.com/koajs/koa/issues/1800", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-25T15:04:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "express: cause malformed URLs to be evaluated", }, { cve: "CVE-2024-29180", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270863", }, ], notes: [ { category: "description", text: "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", title: "Vulnerability description", }, { category: "summary", text: "webpack-dev-middleware: lack of URL validation may lead to file leak", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29180", }, { category: "external", summary: "RHBZ#2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29180", url: "https://www.cve.org/CVERecord?id=CVE-2024-29180", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", }, { category: "external", summary: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", url: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", }, ], release_date: "2024-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-25T15:04:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "webpack-dev-middleware: lack of URL validation may lead to file leak", }, ], }
rhsa-2024_6211
Vulnerability from csaf_redhat
Published
2024-09-03 10:05
Modified
2024-12-18 05:41
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.1 security update
Notes
Topic
Red Hat OpenShift Service Mesh Containers for 2.6.1
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* axios: Server-Side Request Forgery (CVE-2024-39338)
* express: cause malformed URLs to be evaluated (CVE-2024-29041)
* micromatch: vulnerable to Regular Expression Denial of Service (CVE-2024-4067)
* braces: fails to limit the number of characters it can handle (CVE-2024-4068)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Service Mesh Containers for 2.6.1\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n* axios: Server-Side Request Forgery (CVE-2024-39338)\n* express: cause malformed URLs to be evaluated (CVE-2024-29041)\n* micromatch: vulnerable to Regular Expression Denial of Service (CVE-2024-4067)\n* braces: fails to limit the number of characters it can handle (CVE-2024-4068)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:6211", url: "https://access.redhat.com/errata/RHSA-2024:6211", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "OSSM-6857", url: "https://issues.redhat.com/browse/OSSM-6857", }, { category: "external", summary: "OSSM-8006", url: "https://issues.redhat.com/browse/OSSM-8006", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6211.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.1 security update", tracking: { current_release_date: "2024-12-18T05:41:09+00:00", generator: { date: "2024-12-18T05:41:09+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2024:6211", initial_release_date: "2024-09-03T10:05:20+00:00", revision_history: [ { date: "2024-09-03T10:05:20+00:00", number: "1", summary: "Initial version", }, { date: "2024-09-03T10:05:20+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-18T05:41:09+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHOSSM 2.6 for RHEL 8", product: { name: "RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.6::el8", }, }, }, { category: "product_name", name: "RHOSSM 2.6 for RHEL 9", product: { name: "RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.6::el9", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Service Mesh", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.89.0-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.1-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.89.1-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.1-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.1-9", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.1-6", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.89.0-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", product_id: "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.1-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.89.1-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.1-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.1-9", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", product_id: "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.1-6", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.89.0-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", product_id: "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.1-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", product_id: "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.89.1-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.1-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.1-9", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", product_id: "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.1-6", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.89.0-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.1-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.89.1-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.1-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.1-9", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.1-6", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64 as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64 as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", relates_to_product_reference: "9Base-RHOSSM-2.6", }, ], }, vulnerabilities: [ { cve: "CVE-2024-4067", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2280601", }, ], notes: [ { category: "description", text: "A flaw was found in the NPM package `micromatch` where it is vulnerable to a regular expression denial of service (ReDoS). The issue occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will readily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.", title: "Vulnerability description", }, { category: "summary", text: "micromatch: vulnerable to Regular Expression Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-4067", }, { category: "external", summary: "RHBZ#2280601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-4067", url: "https://www.cve.org/CVERecord?id=CVE-2024-4067", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-4067", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-4067", }, { category: "external", summary: "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/", url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/", }, { category: "external", summary: "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448", url: "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448", }, { category: "external", summary: "https://github.com/micromatch/micromatch/issues/243", url: "https://github.com/micromatch/micromatch/issues/243", }, { category: "external", summary: "https://github.com/micromatch/micromatch/pull/247", url: "https://github.com/micromatch/micromatch/pull/247", }, ], release_date: "2023-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-03T10:05:20+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6211", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "micromatch: vulnerable to Regular Expression Denial of Service", }, { cve: "CVE-2024-4068", cwe: { id: "CWE-1050", name: "Excessive Platform Resource Consumption within a Loop", }, discovery_date: "2024-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2280600", }, ], notes: [ { category: "description", text: "A flaw was found in the NPM package `braces.` It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, causing the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.", title: "Vulnerability description", }, { category: "summary", text: "braces: fails to limit the number of characters it can handle", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-4068", }, { category: "external", summary: "RHBZ#2280600", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280600", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-4068", url: "https://www.cve.org/CVERecord?id=CVE-2024-4068", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", }, { category: "external", summary: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", }, { category: "external", summary: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", url: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", }, { category: "external", summary: "https://github.com/micromatch/braces/issues/35", url: "https://github.com/micromatch/braces/issues/35", }, ], release_date: "2024-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-03T10:05:20+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6211", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "braces: fails to limit the number of characters it can handle", }, { cve: "CVE-2024-29041", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2024-06-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2290901", }, ], notes: [ { category: "description", text: "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", title: "Vulnerability description", }, { category: "summary", text: "express: cause malformed URLs to be evaluated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29041", }, { category: "external", summary: "RHBZ#2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29041", url: "https://www.cve.org/CVERecord?id=CVE-2024-29041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", }, { category: "external", summary: "https://expressjs.com/en/4x/api.html#res.location", url: "https://expressjs.com/en/4x/api.html#res.location", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { category: "external", summary: "https://github.com/expressjs/express/pull/5539", url: "https://github.com/expressjs/express/pull/5539", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { category: "external", summary: "https://github.com/koajs/koa/issues/1800", url: "https://github.com/koajs/koa/issues/1800", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-03T10:05:20+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6211", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "express: cause malformed URLs to be evaluated", }, { cve: "CVE-2024-39338", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-08-13T17:21:32.774718+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2304369", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "axios: axios: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-39338", }, { category: "external", summary: "RHBZ#2304369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2304369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-39338", url: "https://www.cve.org/CVERecord?id=CVE-2024-39338", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", }, { category: "external", summary: "https://github.com/axios/axios/releases", url: "https://github.com/axios/axios/releases", }, { category: "external", summary: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", url: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", }, ], release_date: "2024-08-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-03T10:05:20+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6211", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "axios: axios: Server-Side Request Forgery", }, ], }
rhsa-2024_3868
Vulnerability from csaf_redhat
Published
2024-06-17 00:43
Modified
2024-12-18 04:35
Summary
Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift
Notes
Topic
Network Observability 1.6 for Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Network Observability 1.6.0
Security Fix(es):
* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak
* CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
* CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function
* CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
* CVE-2024-28849 follow-redirects: Possible credential leak
* CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
* CVE-2023-45289 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
* CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm
* CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping
* CVE-2024-29041 express: cause malformed URLs to be evaluated [noo-1]
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Network Observability 1.6 for Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Network Observability 1.6.0\n\nSecurity Fix(es):\n\n* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak\n* CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON\n* CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function\n* CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests\n* CVE-2024-28849 follow-redirects: Possible credential leak\n* CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm\n* CVE-2023-45289 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect\n* CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm\n* CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping\n* CVE-2024-29041 express: cause malformed URLs to be evaluated [noo-1]\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3868", url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2253330", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", }, { category: "external", summary: "2265161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2265161", }, { category: "external", summary: "2268017", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", }, { category: "external", summary: "2268018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", }, { category: "external", summary: "2268019", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", }, { category: "external", summary: "2268022", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", }, { category: "external", summary: "2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "2269576", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2269576", }, { category: "external", summary: "2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "NETOBSERV-1279", url: "https://issues.redhat.com/browse/NETOBSERV-1279", }, { category: "external", summary: "NETOBSERV-1408", url: "https://issues.redhat.com/browse/NETOBSERV-1408", }, { category: "external", summary: "NETOBSERV-1424", url: "https://issues.redhat.com/browse/NETOBSERV-1424", }, { category: "external", summary: "NETOBSERV-1453", url: "https://issues.redhat.com/browse/NETOBSERV-1453", }, { category: "external", summary: "NETOBSERV-1459", url: "https://issues.redhat.com/browse/NETOBSERV-1459", }, { category: "external", summary: "NETOBSERV-1462", url: "https://issues.redhat.com/browse/NETOBSERV-1462", }, { category: "external", summary: "NETOBSERV-1544", url: "https://issues.redhat.com/browse/NETOBSERV-1544", }, { category: "external", summary: "NETOBSERV-1598", url: "https://issues.redhat.com/browse/NETOBSERV-1598", }, { category: "external", summary: "NETOBSERV-1606", url: "https://issues.redhat.com/browse/NETOBSERV-1606", }, { category: "external", summary: "NETOBSERV-1607", url: "https://issues.redhat.com/browse/NETOBSERV-1607", }, { category: "external", summary: "NETOBSERV-1621", url: "https://issues.redhat.com/browse/NETOBSERV-1621", }, { category: "external", summary: "NETOBSERV-1630", url: "https://issues.redhat.com/browse/NETOBSERV-1630", }, { category: "external", summary: "NETOBSERV-1647", url: "https://issues.redhat.com/browse/NETOBSERV-1647", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3868.json", }, ], title: "Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift", tracking: { current_release_date: "2024-12-18T04:35:48+00:00", generator: { date: "2024-12-18T04:35:48+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2024:3868", initial_release_date: "2024-06-17T00:43:37+00:00", revision_history: [ { date: "2024-06-17T00:43:37+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-17T00:43:37+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-18T04:35:48+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "NETOBSERV 1.6 for RHEL 9", product: { name: "NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0", product_identification_helper: { cpe: "cpe:/a:redhat:network_observ_optr:1.6.0::el9", }, }, }, ], category: "product_family", name: "Network Observability", }, { branches: [ { category: "product_version", name: "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", product: { name: "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", product_id: "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", product: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", product_id: "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", product: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", product_id: "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", product: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", product_id: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", product: { name: "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", product_id: "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle&tag=1.6.0-78", }, }, }, { category: "product_version", name: "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", product: { name: "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", product_id: "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", product_identification_helper: { purl: "pkg:oci/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008?arch=arm64&repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator&tag=v1.6.0-66", }, }, }, ], category: "architecture", name: "arm64", }, { branches: [ { category: "product_version", name: "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", product: { name: "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", product_id: "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", product: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", product_id: "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", product: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", product_id: "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", product: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", product_id: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", product: { name: "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", product_id: "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle&tag=1.6.0-78", }, }, }, { category: "product_version", name: "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", product: { name: "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", product_id: "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", product_identification_helper: { purl: "pkg:oci/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726?arch=s390x&repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator&tag=v1.6.0-66", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", product: { name: "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", product_id: "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", product: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", product_id: "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", product: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", product_id: "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", product: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", product_id: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", product: { name: "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", product_id: "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle&tag=1.6.0-78", }, }, }, { category: "product_version", name: "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", product: { name: "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", product_id: "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", product_identification_helper: { purl: "pkg:oci/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41?arch=ppc64le&repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator&tag=v1.6.0-66", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", product: { name: "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", product_id: "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", product: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", product_id: "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", product: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", product_id: "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", product: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", product_id: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9&tag=v1.6.0-66", }, }, }, { category: "product_version", name: "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", product: { name: "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", product_id: "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle&tag=1.6.0-78", }, }, }, { category: "product_version", name: "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", product: { name: "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", product_id: "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", product_identification_helper: { purl: "pkg:oci/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43?arch=amd64&repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator&tag=v1.6.0-66", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", }, product_reference: "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", }, product_reference: "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", }, product_reference: "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", }, product_reference: "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", }, product_reference: "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", }, product_reference: "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", }, product_reference: "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", }, product_reference: "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", }, product_reference: "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", }, product_reference: "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", }, product_reference: "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", }, product_reference: "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", }, product_reference: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", }, product_reference: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", }, product_reference: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", }, product_reference: "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", }, product_reference: "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", }, product_reference: "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", }, product_reference: "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", }, product_reference: "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", }, product_reference: "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", }, product_reference: "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", }, product_reference: "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, { category: "default_component_of", full_product_name: { name: "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", product_id: "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", }, product_reference: "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", relates_to_product_reference: "9Base-NETWORK-OBSERVABILITY-1.6.0", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39326", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2023-12-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2253330", }, ], notes: [ { category: "description", text: "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39326", }, { category: "external", summary: "RHBZ#2253330", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39326", url: "https://www.cve.org/CVERecord?id=CVE-2023-39326", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2023-2382", url: "https://pkg.go.dev/vuln/GO-2023-2382", }, ], release_date: "2023-12-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "No mitigation is available for this flaw.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", }, { cve: "CVE-2023-42282", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2265161", }, ], notes: [ { category: "description", text: "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-ip: arbitrary code execution via the isPublic() function", title: "Vulnerability summary", }, { category: "other", text: "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\n\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it's categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-42282", }, { category: "external", summary: "RHBZ#2265161", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2265161", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-42282", url: "https://www.cve.org/CVERecord?id=CVE-2023-42282", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-42282", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-42282", }, { category: "external", summary: "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", url: "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", }, ], release_date: "2024-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "nodejs-ip: arbitrary code execution via the isPublic() function", }, { cve: "CVE-2023-45289", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2024-03-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268018", }, ], notes: [ { category: "description", text: "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-45289", }, { category: "external", summary: "RHBZ#2268018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-45289", url: "https://www.cve.org/CVERecord?id=CVE-2023-45289", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", }, { cve: "CVE-2023-45290", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-03-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268017", }, ], notes: [ { category: "description", text: "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-45290", }, { category: "external", summary: "RHBZ#2268017", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-45290", url: "https://www.cve.org/CVERecord?id=CVE-2023-45290", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/03/08/4", url: "http://www.openwall.com/lists/oss-security/2024/03/08/4", }, { category: "external", summary: "https://go.dev/cl/569341", url: "https://go.dev/cl/569341", }, { category: "external", summary: "https://go.dev/issue/65383", url: "https://go.dev/issue/65383", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2599", url: "https://pkg.go.dev/vuln/GO-2024-2599", }, { category: "external", summary: "https://security.netapp.com/advisory/ntap-20240329-0004", url: "https://security.netapp.com/advisory/ntap-20240329-0004", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", }, { cve: "CVE-2024-24783", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-03-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268019", }, ], notes: [ { category: "description", text: "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24783", }, { category: "external", summary: "RHBZ#2268019", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24783", url: "https://www.cve.org/CVERecord?id=CVE-2024-24783", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", }, { category: "external", summary: "http://www.openwall.com/lists/oss-security/2024/03/08/4", url: "http://www.openwall.com/lists/oss-security/2024/03/08/4", }, { category: "external", summary: "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", url: "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", }, { category: "external", summary: "https://go.dev/cl/569339", url: "https://go.dev/cl/569339", }, { category: "external", summary: "https://go.dev/issue/65390", url: "https://go.dev/issue/65390", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2598", url: "https://pkg.go.dev/vuln/GO-2024-2598", }, { category: "external", summary: "https://security.netapp.com/advisory/ntap-20240329-0005", url: "https://security.netapp.com/advisory/ntap-20240329-0005", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", }, { cve: "CVE-2024-24785", cwe: { id: "CWE-74", name: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", }, discovery_date: "2024-03-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268022", }, ], notes: [ { category: "description", text: "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", title: "Vulnerability description", }, { category: "summary", text: "golang: html/template: errors returned from MarshalJSON methods may break template escaping", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24785", }, { category: "external", summary: "RHBZ#2268022", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24785", url: "https://www.cve.org/CVERecord?id=CVE-2024-24785", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", }, { category: "external", summary: "https://go.dev/cl/564196", url: "https://go.dev/cl/564196", }, { category: "external", summary: "https://go.dev/issue/65697", url: "https://go.dev/issue/65697", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", url: "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2024-2610.json", url: "https://vuln.go.dev/ID/GO-2024-2610.json", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: html/template: errors returned from MarshalJSON methods may break template escaping", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-03-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268046", }, ], notes: [ { category: "description", text: "A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", title: "Vulnerability description", }, { category: "summary", text: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24786", }, { category: "external", summary: "RHBZ#2268046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24786", url: "https://www.cve.org/CVERecord?id=CVE-2024-24786", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", }, { category: "external", summary: "https://go.dev/cl/569356", url: "https://go.dev/cl/569356", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", url: "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2611", url: "https://pkg.go.dev/vuln/GO-2024-2611", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2024-03-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2269576", }, ], notes: [ { category: "description", text: "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "follow-redirects: Possible credential leak", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28849", }, { category: "external", summary: "RHBZ#2269576", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2269576", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28849", url: "https://www.cve.org/CVERecord?id=CVE-2024-28849", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", }, { category: "external", summary: "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", url: "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", }, ], release_date: "2024-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "follow-redirects: Possible credential leak", }, { cve: "CVE-2024-29041", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2024-06-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2290901", }, ], notes: [ { category: "description", text: "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", title: "Vulnerability description", }, { category: "summary", text: "express: cause malformed URLs to be evaluated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29041", }, { category: "external", summary: "RHBZ#2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29041", url: "https://www.cve.org/CVERecord?id=CVE-2024-29041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", }, { category: "external", summary: "https://expressjs.com/en/4x/api.html#res.location", url: "https://expressjs.com/en/4x/api.html#res.location", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { category: "external", summary: "https://github.com/expressjs/express/pull/5539", url: "https://github.com/expressjs/express/pull/5539", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { category: "external", summary: "https://github.com/koajs/koa/issues/1800", url: "https://github.com/koajs/koa/issues/1800", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "express: cause malformed URLs to be evaluated", }, { cve: "CVE-2024-29180", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270863", }, ], notes: [ { category: "description", text: "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", title: "Vulnerability description", }, { category: "summary", text: "webpack-dev-middleware: lack of URL validation may lead to file leak", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29180", }, { category: "external", summary: "RHBZ#2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29180", url: "https://www.cve.org/CVERecord?id=CVE-2024-29180", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", }, { category: "external", summary: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", url: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", }, ], release_date: "2024-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-17T00:43:37+00:00", details: "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "webpack-dev-middleware: lack of URL validation may lead to file leak", }, ], }
rhsa-2024_7164
Vulnerability from csaf_redhat
Published
2024-09-26 03:46
Modified
2024-12-18 05:41
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.4 security and bug fix update
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.8.4 is now available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)
* express: cause malformed URLs to be evaluated (CVE-2024-29041)
* axios: axios: Server-Side Request Forgery (CVE-2024-39338)
* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)
* jose-go: improper handling of highly compressed data (CVE-2024-28180)
* follow-redirects: Possible credential leak (CVE-2024-28849)
* moby: external DNS requests from 'internal' networks could lead to data exfiltration (CVE-2024-29018)
* containers/image: digest type does not guarantee valid type (CVE-2024-3727)
* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)
* braces: fails to limit the number of characters it can handle (CVE-2024-4068)
* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "The Migration Toolkit for Containers (MTC) 1.8.4 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\n* express: cause malformed URLs to be evaluated (CVE-2024-29041)\n\n* axios: axios: Server-Side Request Forgery (CVE-2024-39338)\n\n* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)\n\n* jose-go: improper handling of highly compressed data (CVE-2024-28180)\n\n* follow-redirects: Possible credential leak (CVE-2024-28849)\n\n* moby: external DNS requests from 'internal' networks could lead to data exfiltration (CVE-2024-29018)\n\n* containers/image: digest type does not guarantee valid type (CVE-2024-3727)\n\n* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)\n\n* braces: fails to limit the number of characters it can handle (CVE-2024-4068)\n\n* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7164", url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2268018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", }, { category: "external", summary: "2268273", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", }, { category: "external", summary: "2268854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268854", }, { category: "external", summary: "2269576", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2269576", }, { category: "external", summary: "2270591", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270591", }, { category: "external", summary: "2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "2274767", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", }, { category: "external", summary: "2279814", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", }, { category: "external", summary: "2280600", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280600", }, { category: "external", summary: "2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "2293200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2293200", }, { category: "external", summary: "2295302", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295302", }, { category: "external", summary: "2299624", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2299624", }, { category: "external", summary: "2299625", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2299625", }, { category: "external", summary: "2299628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2299628", }, { category: "external", summary: "2299668", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2299668", }, { category: "external", summary: "MIG-1592", url: "https://issues.redhat.com/browse/MIG-1592", }, { category: "external", summary: "MIG-1593", url: "https://issues.redhat.com/browse/MIG-1593", }, { category: "external", summary: "MIG-1598", url: "https://issues.redhat.com/browse/MIG-1598", }, { category: "external", summary: "MIG-1610", url: "https://issues.redhat.com/browse/MIG-1610", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7164.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.4 security and bug fix update", tracking: { current_release_date: "2024-12-18T05:41:22+00:00", generator: { date: "2024-12-18T05:41:22+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2024:7164", initial_release_date: "2024-09-26T03:46:53+00:00", revision_history: [ { date: "2024-09-26T03:46:53+00:00", number: "1", summary: "Initial version", }, { date: "2024-09-26T03:46:53+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-18T05:41:22+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "8Base-RHMTC-1.8", product: { name: "8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8", product_identification_helper: { cpe: "cpe:/a:redhat:rhmt:1.8::el8", }, }, }, ], category: "product_family", name: "Red Hat Migration Toolkit", }, { branches: [ { category: "product_version", name: "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", product: { name: "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", product_id: "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8&tag=v1.8.4-22", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", product: { name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", product_id: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8&tag=v1.8.4-8", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", product: { name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", product_id: "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8&tag=v1.8.4-10", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", product: { name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", product_id: "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8&tag=v1.8.4-16", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", product: { name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", product_id: "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8&tag=v1.8.4-10", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", product: { name: "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", product_id: "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator&tag=v1.8.4-16", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", product: { name: "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", product_id: "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle&tag=v1.8.4-33", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", product: { name: "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", product_id: "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8&tag=v1.8.4-11", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", product: { name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", product_id: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8&tag=v1.8.4-9", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", product: { name: "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", product_id: "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8&tag=v1.8.4-10", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", product: { name: "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", product_id: "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8&tag=v1.8.4-9", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", }, product_reference: "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", }, product_reference: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", }, product_reference: "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", }, product_reference: "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", }, product_reference: "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", }, product_reference: "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", }, product_reference: "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", }, product_reference: "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", }, product_reference: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", }, product_reference: "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", }, product_reference: "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, ], }, vulnerabilities: [ { cve: "CVE-2019-25211", cwe: { id: "CWE-346", name: "Origin Validation Error", }, discovery_date: "2024-07-02T21:00:45+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295302", }, ], notes: [ { category: "description", text: "parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.", title: "Vulnerability description", }, { category: "summary", text: "github.com/gin-contrib/cors: Gin mishandles a wildcard in the origin string in github.com/gin-contrib/cors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-25211", }, { category: "external", summary: "RHBZ#2295302", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295302", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-25211", url: "https://www.cve.org/CVERecord?id=CVE-2019-25211", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-25211", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-25211", }, { category: "external", summary: "https://github.com/advisories/GHSA-869c-j7wc-8jqv", url: "https://github.com/advisories/GHSA-869c-j7wc-8jqv", }, { category: "external", summary: "https://github.com/gin-contrib/cors/commit/27b723a473efd80d5a498fa9f5933c80204c850d", url: "https://github.com/gin-contrib/cors/commit/27b723a473efd80d5a498fa9f5933c80204c850d", }, { category: "external", summary: "https://github.com/gin-contrib/cors/compare/v1.5.0...v1.6.0", url: "https://github.com/gin-contrib/cors/compare/v1.5.0...v1.6.0", }, { category: "external", summary: "https://github.com/gin-contrib/cors/pull/106", url: "https://github.com/gin-contrib/cors/pull/106", }, { category: "external", summary: "https://github.com/gin-contrib/cors/pull/57", url: "https://github.com/gin-contrib/cors/pull/57", }, { category: "external", summary: "https://github.com/gin-contrib/cors/releases/tag/v1.6.0", url: "https://github.com/gin-contrib/cors/releases/tag/v1.6.0", }, ], release_date: "2024-07-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "github.com/gin-contrib/cors: Gin mishandles a wildcard in the origin string in github.com/gin-contrib/cors", }, { acknowledgments: [ { names: [ "Bartek Nowotarski", ], organization: "nowotarski.info", }, ], cve: "CVE-2023-45288", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-03-06T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268273", }, ], notes: [ { category: "description", text: "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the “Affected Packages and Issued Red Hat Security Errata” section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-45288", }, { category: "external", summary: "RHBZ#2268273", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-45288", url: "https://www.cve.org/CVERecord?id=CVE-2023-45288", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", }, { category: "external", summary: "https://nowotarski.info/http2-continuation-flood/", url: "https://nowotarski.info/http2-continuation-flood/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2687", url: "https://pkg.go.dev/vuln/GO-2024-2687", }, { category: "external", summary: "https://www.kb.cert.org/vuls/id/421644", url: "https://www.kb.cert.org/vuls/id/421644", }, ], release_date: "2024-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", }, { cve: "CVE-2023-45289", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2024-03-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268018", }, ], notes: [ { category: "description", text: "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-45289", }, { category: "external", summary: "RHBZ#2268018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-45289", url: "https://www.cve.org/CVERecord?id=CVE-2023-45289", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", }, { cve: "CVE-2024-3727", cwe: { id: "CWE-354", name: "Improper Validation of Integrity Check Value", }, discovery_date: "2024-04-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2274767", }, ], notes: [ { category: "description", text: "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.", title: "Vulnerability description", }, { category: "summary", text: "containers/image: digest type does not guarantee valid type", title: "Vulnerability summary", }, { category: "other", text: "Some conditions are necessary for this attack to occur, such as the attacker being able to upload malicious images to the registry and persuade a victim to pull them. Hence, the severity of this flaw was rated as Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-3727", }, { category: "external", summary: "RHBZ#2274767", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-3727", url: "https://www.cve.org/CVERecord?id=CVE-2024-3727", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-3727", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-3727", }, ], release_date: "2024-05-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "containers/image: digest type does not guarantee valid type", }, { cve: "CVE-2024-4068", cwe: { id: "CWE-1050", name: "Excessive Platform Resource Consumption within a Loop", }, discovery_date: "2024-05-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2280600", }, ], notes: [ { category: "description", text: "A flaw was found in the NPM package `braces.` It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, causing the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.", title: "Vulnerability description", }, { category: "summary", text: "braces: fails to limit the number of characters it can handle", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-4068", }, { category: "external", summary: "RHBZ#2280600", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280600", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-4068", url: "https://www.cve.org/CVERecord?id=CVE-2024-4068", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", }, { category: "external", summary: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", }, { category: "external", summary: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", url: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", }, { category: "external", summary: "https://github.com/micromatch/braces/issues/35", url: "https://github.com/micromatch/braces/issues/35", }, ], release_date: "2024-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "braces: fails to limit the number of characters it can handle", }, { cve: "CVE-2024-24788", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-05-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2279814", }, ], notes: [ { category: "description", text: "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", title: "Vulnerability description", }, { category: "summary", text: "golang: net: malformed DNS message can cause infinite loop", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24788", }, { category: "external", summary: "RHBZ#2279814", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24788", url: "https://www.cve.org/CVERecord?id=CVE-2024-24788", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24788", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24788", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2824", url: "https://pkg.go.dev/vuln/GO-2024-2824", }, ], release_date: "2024-05-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net: malformed DNS message can cause infinite loop", }, { cve: "CVE-2024-28180", cwe: { id: "CWE-409", name: "Improper Handling of Highly Compressed Data (Data Amplification)", }, discovery_date: "2024-03-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268854", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.", title: "Vulnerability description", }, { category: "summary", text: "jose-go: improper handling of highly compressed data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28180", }, { category: "external", summary: "RHBZ#2268854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268854", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28180", url: "https://www.cve.org/CVERecord?id=CVE-2024-28180", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28180", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28180", }, { category: "external", summary: "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g", url: "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g", }, ], release_date: "2024-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jose-go: improper handling of highly compressed data", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2024-03-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2269576", }, ], notes: [ { category: "description", text: "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "follow-redirects: Possible credential leak", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28849", }, { category: "external", summary: "RHBZ#2269576", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2269576", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28849", url: "https://www.cve.org/CVERecord?id=CVE-2024-28849", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", }, { category: "external", summary: "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", url: "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", }, ], release_date: "2024-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "follow-redirects: Possible credential leak", }, { cve: "CVE-2024-28863", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-06-20T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2293200", }, ], notes: [ { category: "description", text: "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", title: "Vulnerability description", }, { category: "summary", text: "node-tar: denial of service while parsing a tar file due to lack of folders depth validation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28863", }, { category: "external", summary: "RHBZ#2293200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2293200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28863", url: "https://www.cve.org/CVERecord?id=CVE-2024-28863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28863", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28863", }, { category: "external", summary: "https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36", url: "https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36", }, { category: "external", summary: "https://security.netapp.com/advisory/ntap-20240524-0005/", url: "https://security.netapp.com/advisory/ntap-20240524-0005/", }, ], release_date: "2024-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "node-tar: denial of service while parsing a tar file due to lack of folders depth validation", }, { cve: "CVE-2024-29018", cwe: { id: "CWE-669", name: "Incorrect Resource Transfer Between Spheres", }, discovery_date: "2024-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270591", }, ], notes: [ { category: "description", text: "A vulnerability was found in Moby due to excessive data output in external DNS requests from \"internal\" networks, enabling unauthorized access to sensitive system information by remote attackers. This flaw allows attackers to gain access to sensitive information by exploiting incorrect resource transfer between spheres through specially crafted requests.", title: "Vulnerability description", }, { category: "summary", text: "moby: external DNS requests from 'internal' networks could lead to data exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29018", }, { category: "external", summary: "RHBZ#2270591", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270591", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29018", url: "https://www.cve.org/CVERecord?id=CVE-2024-29018", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29018", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29018", }, { category: "external", summary: "https://github.com/moby/moby/pull/46609", url: "https://github.com/moby/moby/pull/46609", }, { category: "external", summary: "https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx", url: "https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx", }, ], release_date: "2024-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "moby: external DNS requests from 'internal' networks could lead to data exfiltration", }, { cve: "CVE-2024-29041", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2024-06-07T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2290901", }, ], notes: [ { category: "description", text: "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", title: "Vulnerability description", }, { category: "summary", text: "express: cause malformed URLs to be evaluated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29041", }, { category: "external", summary: "RHBZ#2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29041", url: "https://www.cve.org/CVERecord?id=CVE-2024-29041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", }, { category: "external", summary: "https://expressjs.com/en/4x/api.html#res.location", url: "https://expressjs.com/en/4x/api.html#res.location", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { category: "external", summary: "https://github.com/expressjs/express/pull/5539", url: "https://github.com/expressjs/express/pull/5539", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { category: "external", summary: "https://github.com/koajs/koa/issues/1800", url: "https://github.com/koajs/koa/issues/1800", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "express: cause malformed URLs to be evaluated", }, { cve: "CVE-2024-29180", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270863", }, ], notes: [ { category: "description", text: "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", title: "Vulnerability description", }, { category: "summary", text: "webpack-dev-middleware: lack of URL validation may lead to file leak", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29180", }, { category: "external", summary: "RHBZ#2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29180", url: "https://www.cve.org/CVERecord?id=CVE-2024-29180", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", }, { category: "external", summary: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", url: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", }, ], release_date: "2024-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "webpack-dev-middleware: lack of URL validation may lead to file leak", }, { cve: "CVE-2024-39338", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-08-13T17:21:32.774718+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2304369", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "axios: axios: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-39338", }, { category: "external", summary: "RHBZ#2304369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2304369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-39338", url: "https://www.cve.org/CVERecord?id=CVE-2024-39338", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", }, { category: "external", summary: "https://github.com/axios/axios/releases", url: "https://github.com/axios/axios/releases", }, { category: "external", summary: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", url: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", }, ], release_date: "2024-08-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "axios: axios: Server-Side Request Forgery", }, ], }
RHSA-2024:7624
Vulnerability from csaf_redhat
Published
2024-10-03 11:22
Modified
2025-04-08 19:30
Summary
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.11 security and bug fix update
Notes
Topic
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.14.11 on Red Hat Enterprise Linux 9 from Red Hat Container Registry.
Details
Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.
Enhancement:
While creating object bucket claim (OBC), the `NSFSAccontConfig` attribute provided by the users is supported. (BZ#2271780)
All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.14.11 on Red Hat Enterprise Linux 9 from Red Hat Container Registry.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.\n\nEnhancement: \n\nWhile creating object bucket claim (OBC), the `NSFSAccontConfig` attribute provided by the users is supported. (BZ#2271780)\n\nAll users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7624", url: "https://access.redhat.com/errata/RHSA-2024:7624", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2276934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2276934", }, { category: "external", summary: "2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "2294000", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2294000", }, { category: "external", summary: "2300499", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2300499", }, { category: "external", summary: "2314151", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314151", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7624.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.11 security and bug fix update", tracking: { current_release_date: "2025-04-08T19:30:33+00:00", generator: { date: "2025-04-08T19:30:33+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:7624", initial_release_date: "2024-10-03T11:22:37+00:00", revision_history: [ { date: "2024-10-03T11:22:37+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-03T11:22:37+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-08T19:30:33+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHODF 4.14 for RHEL 9", product: { name: "RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_data_foundation:4.14::el9", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Data Foundation", }, { branches: [ { category: "product_version", name: "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", product: { name: "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", product_id: "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", product_identification_helper: { purl: "pkg:oci/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256?arch=amd64&repository_url=registry.redhat.io/odf4/cephcsi-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", product: { name: "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", product_id: "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", product_identification_helper: { purl: "pkg:oci/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38?arch=amd64&repository_url=registry.redhat.io/odf4/mcg-cli-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", product: { name: "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", product_id: "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", product_identification_helper: { purl: "pkg:oci/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71?arch=amd64&repository_url=registry.redhat.io/odf4/mcg-core-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", product: { name: "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", product_id: "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", product_identification_helper: { purl: "pkg:oci/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff?arch=amd64&repository_url=registry.redhat.io/odf4/mcg-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", product: { name: "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", product_id: "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", product_identification_helper: { purl: "pkg:oci/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d?arch=amd64&repository_url=registry.redhat.io/odf4/mcg-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", product: { name: "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", product_id: "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", product_identification_helper: { purl: "pkg:oci/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-client-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", product: { name: "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", product_id: "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", product_identification_helper: { purl: "pkg:oci/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", product: { name: "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", product_id: "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", product_identification_helper: { purl: "pkg:oci/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", product: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", product_id: "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", product_identification_helper: { purl: "pkg:oci/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", product: { name: "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", product_id: "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", product_identification_helper: { purl: "pkg:oci/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", product: { name: "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", product_id: "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", product_identification_helper: { purl: "pkg:oci/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", product: { name: "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", product_id: "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", product_identification_helper: { purl: "pkg:oci/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c?arch=amd64&repository_url=registry.redhat.io/odf4/odf-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", product: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", product_id: "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", product_identification_helper: { purl: "pkg:oci/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00?arch=amd64&repository_url=registry.redhat.io/odf4/odf-cosi-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", product: { name: "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", product_id: "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205?arch=amd64&repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", product: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", product_id: "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c?arch=amd64&repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", product: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", product_id: "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872?arch=amd64&repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", product: { name: "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", product_id: "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", product_identification_helper: { purl: "pkg:oci/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058?arch=amd64&repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", product: { name: "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", product_id: "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", product_identification_helper: { purl: "pkg:oci/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b?arch=amd64&repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", product: { name: "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", product_id: "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446?arch=amd64&repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", product: { name: "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", product_id: "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", product_identification_helper: { purl: "pkg:oci/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274?arch=amd64&repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", product: { name: "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", product_id: "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", product_identification_helper: { purl: "pkg:oci/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d?arch=amd64&repository_url=registry.redhat.io/odf4/odf-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", product: { name: "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", product_id: "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", product_identification_helper: { purl: "pkg:oci/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018?arch=amd64&repository_url=registry.redhat.io/odf4/odf-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", product: { name: "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", product_id: "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", product_identification_helper: { purl: "pkg:oci/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022?arch=amd64&repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", product: { name: "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", product_id: "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", product_identification_helper: { purl: "pkg:oci/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef?arch=amd64&repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", product: { name: "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", product_id: "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", product_identification_helper: { purl: "pkg:oci/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598?arch=amd64&repository_url=registry.redhat.io/odf4/odr-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", product: { name: "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", product_id: "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", product_identification_helper: { purl: "pkg:oci/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88?arch=amd64&repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator&tag=v4.14.11-2", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", product: { name: "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", product_id: "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", product_identification_helper: { purl: "pkg:oci/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b?arch=s390x&repository_url=registry.redhat.io/odf4/cephcsi-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", product: { name: "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", product_id: "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", product_identification_helper: { purl: "pkg:oci/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2?arch=s390x&repository_url=registry.redhat.io/odf4/mcg-cli-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", product: { name: "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", product_id: "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", product_identification_helper: { purl: "pkg:oci/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b?arch=s390x&repository_url=registry.redhat.io/odf4/mcg-core-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", product: { name: "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", product_id: "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", product_identification_helper: { purl: "pkg:oci/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7?arch=s390x&repository_url=registry.redhat.io/odf4/mcg-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", product: { name: "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", product_id: "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", product_identification_helper: { purl: "pkg:oci/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64?arch=s390x&repository_url=registry.redhat.io/odf4/mcg-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", product: { name: "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", product_id: "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", product_identification_helper: { purl: "pkg:oci/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-client-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", product: { name: "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", product_id: "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", product_identification_helper: { purl: "pkg:oci/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", product: { name: "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", product_id: "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", product_identification_helper: { purl: "pkg:oci/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", product: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", product_id: "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", product_identification_helper: { purl: "pkg:oci/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", product: { name: "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", product_id: "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", product_identification_helper: { purl: "pkg:oci/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", product: { name: "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", product_id: "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", product_identification_helper: { purl: "pkg:oci/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", product: { name: "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", product_id: "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", product_identification_helper: { purl: "pkg:oci/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7?arch=s390x&repository_url=registry.redhat.io/odf4/odf-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", product: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", product_id: "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", product_identification_helper: { purl: "pkg:oci/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6?arch=s390x&repository_url=registry.redhat.io/odf4/odf-cosi-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", product: { name: "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", product_id: "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79?arch=s390x&repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", product: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", product_id: "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c?arch=s390x&repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", product: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", product_id: "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb?arch=s390x&repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", product: { name: "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", product_id: "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", product_identification_helper: { purl: "pkg:oci/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f?arch=s390x&repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", product: { name: "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", product_id: "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", product_identification_helper: { purl: "pkg:oci/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f?arch=s390x&repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", product: { name: "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", product_id: "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb?arch=s390x&repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", product: { name: "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", product_id: "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", product_identification_helper: { purl: "pkg:oci/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8?arch=s390x&repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", product: { name: "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", product_id: "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", product_identification_helper: { purl: "pkg:oci/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01?arch=s390x&repository_url=registry.redhat.io/odf4/odf-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", product: { name: "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", product_id: "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", product_identification_helper: { purl: "pkg:oci/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76?arch=s390x&repository_url=registry.redhat.io/odf4/odf-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", product: { name: "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", product_id: "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", product_identification_helper: { purl: "pkg:oci/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f?arch=s390x&repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", product: { name: "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", product_id: "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", product_identification_helper: { purl: "pkg:oci/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316?arch=s390x&repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", product: { name: "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", product_id: "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", product_identification_helper: { purl: "pkg:oci/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374?arch=s390x&repository_url=registry.redhat.io/odf4/odr-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", product: { name: "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", product_id: "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", product_identification_helper: { purl: "pkg:oci/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088?arch=s390x&repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator&tag=v4.14.11-2", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", product: { name: "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", product_id: "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", product_identification_helper: { purl: "pkg:oci/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b?arch=ppc64le&repository_url=registry.redhat.io/odf4/cephcsi-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", product: { name: "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", product_id: "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", product_identification_helper: { purl: "pkg:oci/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b?arch=ppc64le&repository_url=registry.redhat.io/odf4/mcg-cli-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", product: { name: "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", product_id: "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", product_identification_helper: { purl: "pkg:oci/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7?arch=ppc64le&repository_url=registry.redhat.io/odf4/mcg-core-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", product: { name: "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", product_id: "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", product_identification_helper: { purl: "pkg:oci/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349?arch=ppc64le&repository_url=registry.redhat.io/odf4/mcg-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", product: { name: "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", product_id: "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", product_identification_helper: { purl: "pkg:oci/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd?arch=ppc64le&repository_url=registry.redhat.io/odf4/mcg-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", product: { name: "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", product_id: "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-client-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", product: { name: "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", product_id: "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", product: { name: "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", product_id: "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", product: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", product_id: "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", product: { name: "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", product_id: "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", product: { name: "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", product_id: "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", product: { name: "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", product_id: "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", product: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", product_id: "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-cosi-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", product: { name: "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", product_id: "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", product: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", product_id: "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", product: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", product_id: "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", product: { name: "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", product_id: "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", product: { name: "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", product_id: "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", product: { name: "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", product_id: "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", product: { name: "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", product_id: "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", product: { name: "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", product_id: "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", product: { name: "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", product_id: "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", product: { name: "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", product_id: "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", product_identification_helper: { purl: "pkg:oci/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3?arch=ppc64le&repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", product: { name: "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", product_id: "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", product_identification_helper: { purl: "pkg:oci/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c?arch=ppc64le&repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", product: { name: "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", product_id: "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", product_identification_helper: { purl: "pkg:oci/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf?arch=ppc64le&repository_url=registry.redhat.io/odf4/odr-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", product: { name: "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", product_id: "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", product_identification_helper: { purl: "pkg:oci/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86?arch=ppc64le&repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator&tag=v4.14.11-2", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", product: { name: "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", product_id: "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", product_identification_helper: { purl: "pkg:oci/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f?arch=arm64&repository_url=registry.redhat.io/odf4/mcg-cli-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", product: { name: "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", product_id: "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", product_identification_helper: { purl: "pkg:oci/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0?arch=arm64&repository_url=registry.redhat.io/odf4/mcg-core-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", product: { name: "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", product_id: "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", product_identification_helper: { purl: "pkg:oci/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d?arch=arm64&repository_url=registry.redhat.io/odf4/mcg-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", product: { name: "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", product_id: "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", product_identification_helper: { purl: "pkg:oci/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140?arch=arm64&repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", product: { name: "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", product_id: "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", product_identification_helper: { purl: "pkg:oci/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1?arch=arm64&repository_url=registry.redhat.io/odf4/ocs-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", product: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", product_id: "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d?arch=arm64&repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", product: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", product_id: "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461?arch=arm64&repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", product: { name: "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", product_id: "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36?arch=arm64&repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", product: { name: "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", product_id: "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", product_identification_helper: { purl: "pkg:oci/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f?arch=arm64&repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", product: { name: "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", product_id: "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", product_identification_helper: { purl: "pkg:oci/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8?arch=arm64&repository_url=registry.redhat.io/odf4/odf-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", product: { name: "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", product_id: "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", product_identification_helper: { purl: "pkg:oci/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed?arch=arm64&repository_url=registry.redhat.io/odf4/odr-rhel9-operator&tag=v4.14.11-1", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", }, product_reference: "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", }, product_reference: "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", }, product_reference: "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", }, product_reference: "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", }, product_reference: "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", }, product_reference: "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", }, product_reference: "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", }, product_reference: "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", }, product_reference: "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", }, product_reference: "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", }, product_reference: "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", }, product_reference: "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", }, product_reference: "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", }, product_reference: "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", }, product_reference: "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", }, product_reference: "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", }, product_reference: "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", }, product_reference: "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", }, product_reference: "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", }, product_reference: "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", }, product_reference: "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", }, product_reference: "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", }, product_reference: "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", }, product_reference: "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", }, product_reference: "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", }, product_reference: "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", }, product_reference: "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", }, product_reference: "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", }, product_reference: "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", }, product_reference: "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", }, product_reference: "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", }, product_reference: "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", }, product_reference: "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", }, product_reference: "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", }, product_reference: "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", }, product_reference: "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", }, product_reference: "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", }, product_reference: "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", }, product_reference: "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", }, product_reference: "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", }, product_reference: "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", }, product_reference: "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", }, product_reference: "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", }, product_reference: "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", }, product_reference: "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", }, product_reference: "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", }, product_reference: "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", }, product_reference: "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", }, product_reference: "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", }, product_reference: "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", }, product_reference: "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", }, product_reference: "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", }, product_reference: "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", }, product_reference: "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", }, product_reference: "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", }, product_reference: "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", }, product_reference: "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", }, product_reference: "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", }, product_reference: "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", }, product_reference: "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", }, product_reference: "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", }, product_reference: "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", }, product_reference: "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", }, product_reference: "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", }, product_reference: "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", }, product_reference: "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", }, product_reference: "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", }, product_reference: "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", }, product_reference: "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", }, product_reference: "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", }, product_reference: "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", }, product_reference: "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", }, product_reference: "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", }, product_reference: "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", }, product_reference: "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", }, product_reference: "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", }, product_reference: "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", }, product_reference: "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", }, product_reference: "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", }, product_reference: "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", }, product_reference: "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", }, product_reference: "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", }, product_reference: "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", }, product_reference: "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", }, product_reference: "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", }, product_reference: "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", }, product_reference: "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", }, product_reference: "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", }, product_reference: "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, ], }, vulnerabilities: [ { cve: "CVE-2024-6104", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2024-06-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2294000", }, ], notes: [ { category: "description", text: "A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.", title: "Vulnerability description", }, { category: "summary", text: "go-retryablehttp: url might write sensitive information to log file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", ], known_not_affected: [ "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-6104", }, { category: "external", summary: "RHBZ#2294000", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2294000", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-6104", url: "https://www.cve.org/CVERecord?id=CVE-2024-6104", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-6104", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-6104", }, ], release_date: "2024-06-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-03T11:22:37+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7624", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "go-retryablehttp: url might write sensitive information to log file", }, { cve: "CVE-2024-29041", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2024-06-07T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2290901", }, ], notes: [ { category: "description", text: "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", title: "Vulnerability description", }, { category: "summary", text: "express: cause malformed URLs to be evaluated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", ], known_not_affected: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29041", }, { category: "external", summary: "RHBZ#2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29041", url: "https://www.cve.org/CVERecord?id=CVE-2024-29041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", }, { category: "external", summary: "https://expressjs.com/en/4x/api.html#res.location", url: "https://expressjs.com/en/4x/api.html#res.location", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { category: "external", summary: "https://github.com/expressjs/express/pull/5539", url: "https://github.com/expressjs/express/pull/5539", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { category: "external", summary: "https://github.com/koajs/koa/issues/1800", url: "https://github.com/koajs/koa/issues/1800", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-03T11:22:37+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7624", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "express: cause malformed URLs to be evaluated", }, { cve: "CVE-2024-41818", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-07-29T16:24:42+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2300499", }, ], notes: [ { category: "description", text: "A regular expression denial of service (ReDoS) flaw was found in fast-xml-parser in the currency.js script. By sending a specially crafted regex input, a remote attacker could cause a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "fast-xml-parser: ReDOS at currency parsing in currency.js", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has decided to rate this vulnerability as Important due to the potential loss of Availability and the low complexity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", ], known_not_affected: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-41818", }, { category: "external", summary: "RHBZ#2300499", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2300499", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-41818", url: "https://www.cve.org/CVERecord?id=CVE-2024-41818", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-41818", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-41818", }, { category: "external", summary: "https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10", url: "https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10", }, { category: "external", summary: "https://github.com/NaturalIntelligence/fast-xml-parser/commit/d0bfe8a3a2813a185f39591bbef222212d856164", url: "https://github.com/NaturalIntelligence/fast-xml-parser/commit/d0bfe8a3a2813a185f39591bbef222212d856164", }, { category: "external", summary: "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v", url: "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v", }, ], release_date: "2024-07-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-03T11:22:37+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7624", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "fast-xml-parser: ReDOS at currency parsing in currency.js", }, ], }
rhsa-2024:4873
Vulnerability from csaf_redhat
Published
2024-07-25 15:04
Modified
2025-03-24 11:45
Summary
Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.1 GA ]
Notes
Topic
An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat build of Apicurio Registry 2.6.1 GA includes the following security fixes.
Security Fix(es):
* webpack-dev-middleware: lack of URL validation may lead to file leak [rhint-serv-2] (CVE-2024-29180)
* express: cause malformed URLs to be evaluated [rhint-serv-2](CVE-2024-29041)
* jetty: stop accepting new connections from valid clients [rhint-serv-2] (CVE-2024-22201)
* jose4j: denial of service via specially crafted JWE [rhint-serv-2] (CVE-2023-51775)
* quarkus-core: Leak of local configuration properties into Quarkus applications [rhint-serv-2] (CVE-2024-2700)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat build of Apicurio Registry 2.6.1 GA includes the following security fixes.\n\nSecurity Fix(es):\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak [rhint-serv-2] (CVE-2024-29180)\n\n* express: cause malformed URLs to be evaluated [rhint-serv-2](CVE-2024-29041)\n\n* jetty: stop accepting new connections from valid clients [rhint-serv-2] (CVE-2024-22201)\n\n* jose4j: denial of service via specially crafted JWE [rhint-serv-2] (CVE-2023-51775)\n\n* quarkus-core: Leak of local configuration properties into Quarkus applications [rhint-serv-2] (CVE-2024-2700)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4873", url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "2266921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266921", }, { category: "external", summary: "2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "2273281", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273281", }, { category: "external", summary: "2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4873.json", }, ], title: "Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.1 GA ]", tracking: { current_release_date: "2025-03-24T11:45:46+00:00", generator: { date: "2025-03-24T11:45:46+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:4873", initial_release_date: "2024-07-25T15:04:49+00:00", revision_history: [ { date: "2024-07-25T15:04:49+00:00", number: "1", summary: "Initial version", }, { date: "2024-07-25T15:04:49+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-24T11:45:46+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat build of Apicurio Registry 2.6.1 GA", product: { name: "Red Hat build of Apicurio Registry 2.6.1 GA", product_id: "Red Hat build of Apicurio Registry 2.6.1 GA", product_identification_helper: { cpe: "cpe:/a:redhat:apicurio_registry:2.6", }, }, }, ], category: "product_family", name: "Red Hat Integration", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266921", }, ], notes: [ { category: "description", text: "A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource-intensive. However, if an attacker sets the p2c parameter in JWE to a large number, it can cause high computational consumption, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "jose4j: denial of service via specially crafted JWE", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in the jose4j library, where the \"p2c\" parameter in PBKDF2-based JWE key management algorithms can be manipulated to induce high computational consumption, is classified as moderate severity due to its potential impact on service availability and resource exhaustion. By setting a large value for \"p2c\", an attacker can force the server to perform an excessive number of PBKDF2 iterations during key derivation. This results in increased CPU and memory usage, potentially leading to degraded performance or temporary denial of service.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-51775", }, { category: "external", summary: "RHBZ#2266921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266921", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-51775", url: "https://www.cve.org/CVERecord?id=CVE-2023-51775", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", }, ], release_date: "2024-02-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-25T15:04:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jose4j: denial of service via specially crafted JWE", }, { cve: "CVE-2024-2700", cwe: { id: "CWE-526", name: "Cleartext Storage of Sensitive Information in an Environment Variable", }, discovery_date: "2024-04-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2273281", }, ], notes: [ { category: "description", text: "A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.", title: "Vulnerability description", }, { category: "summary", text: "quarkus-core: Leak of local configuration properties into Quarkus applications", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates this as a Moderate impact vulnerability since this requires an attacker to have direct access to the environment variables to override, and the application must use that environment variable to be jeopardized.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-2700", }, { category: "external", summary: "RHBZ#2273281", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273281", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-2700", url: "https://www.cve.org/CVERecord?id=CVE-2024-2700", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-2700", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-2700", }, ], release_date: "2024-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-25T15:04:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "workaround", details: "Currently, no mitigation is available for this vulnerability. Please update as the patches become available.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "quarkus-core: Leak of local configuration properties into Quarkus applications", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2266136", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", title: "Vulnerability description", }, { category: "summary", text: "jetty: stop accepting new connections from valid clients", title: "Vulnerability summary", }, { category: "other", text: "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22201", }, { category: "external", summary: "RHBZ#2266136", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2266136", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22201", url: "https://www.cve.org/CVERecord?id=CVE-2024-22201", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/11256", url: "https://github.com/jetty/jetty.project/issues/11256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", }, ], release_date: "2024-02-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-25T15:04:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jetty: stop accepting new connections from valid clients", }, { cve: "CVE-2024-29041", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2024-06-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2290901", }, ], notes: [ { category: "description", text: "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", title: "Vulnerability description", }, { category: "summary", text: "express: cause malformed URLs to be evaluated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29041", }, { category: "external", summary: "RHBZ#2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29041", url: "https://www.cve.org/CVERecord?id=CVE-2024-29041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", }, { category: "external", summary: "https://expressjs.com/en/4x/api.html#res.location", url: "https://expressjs.com/en/4x/api.html#res.location", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { category: "external", summary: "https://github.com/expressjs/express/pull/5539", url: "https://github.com/expressjs/express/pull/5539", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { category: "external", summary: "https://github.com/koajs/koa/issues/1800", url: "https://github.com/koajs/koa/issues/1800", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-25T15:04:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "express: cause malformed URLs to be evaluated", }, { cve: "CVE-2024-29180", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-03-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270863", }, ], notes: [ { category: "description", text: "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", title: "Vulnerability description", }, { category: "summary", text: "webpack-dev-middleware: lack of URL validation may lead to file leak", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29180", }, { category: "external", summary: "RHBZ#2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29180", url: "https://www.cve.org/CVERecord?id=CVE-2024-29180", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", }, { category: "external", summary: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", url: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", }, ], release_date: "2024-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-07-25T15:04:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4873", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat build of Apicurio Registry 2.6.1 GA", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "webpack-dev-middleware: lack of URL validation may lead to file leak", }, ], }
RHSA-2024:6211
Vulnerability from csaf_redhat
Published
2024-09-03 10:05
Modified
2025-04-10 00:20
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.1 security update
Notes
Topic
Red Hat OpenShift Service Mesh Containers for 2.6.1
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* axios: Server-Side Request Forgery (CVE-2024-39338)
* express: cause malformed URLs to be evaluated (CVE-2024-29041)
* micromatch: vulnerable to Regular Expression Denial of Service (CVE-2024-4067)
* braces: fails to limit the number of characters it can handle (CVE-2024-4068)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Service Mesh Containers for 2.6.1\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n* axios: Server-Side Request Forgery (CVE-2024-39338)\n* express: cause malformed URLs to be evaluated (CVE-2024-29041)\n* micromatch: vulnerable to Regular Expression Denial of Service (CVE-2024-4067)\n* braces: fails to limit the number of characters it can handle (CVE-2024-4068)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:6211", url: "https://access.redhat.com/errata/RHSA-2024:6211", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "OSSM-6857", url: "https://issues.redhat.com/browse/OSSM-6857", }, { category: "external", summary: "OSSM-8006", url: "https://issues.redhat.com/browse/OSSM-8006", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6211.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.1 security update", tracking: { current_release_date: "2025-04-10T00:20:52+00:00", generator: { date: "2025-04-10T00:20:52+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:6211", initial_release_date: "2024-09-03T10:05:20+00:00", revision_history: [ { date: "2024-09-03T10:05:20+00:00", number: "1", summary: "Initial version", }, { date: "2024-09-03T10:05:20+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-10T00:20:52+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHOSSM 2.6 for RHEL 8", product: { name: "RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.6::el8", }, }, }, { category: "product_name", name: "RHOSSM 2.6 for RHEL 9", product: { name: "RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.6::el9", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Service Mesh", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.89.0-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.1-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.89.1-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.1-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.1-9", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0?arch=amd64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.1-6", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.89.0-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", product_id: "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.1-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.89.1-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.1-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.1-9", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", product_id: "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015?arch=ppc64le&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.1-6", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.89.0-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", product_id: "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.1-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", product_id: "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.89.1-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.1-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.1-9", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", product_id: "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f?arch=s390x&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.1-6", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", product: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", product_id: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", product_identification_helper: { purl: "pkg:oci/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8&tag=1.89.0-2", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", product: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", product_id: "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", product_identification_helper: { purl: "pkg:oci/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", product: { name: "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", product_id: "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", product_identification_helper: { purl: "pkg:oci/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8&tag=2.6.1-6", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", product: { name: "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", product_id: "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8&tag=1.89.1-3", }, }, }, { category: "product_version", name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", product: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", product_id: "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", product_identification_helper: { purl: "pkg:oci/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator&tag=1.89.1-1", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", product: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", product_id: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", product_identification_helper: { purl: "pkg:oci/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", product: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", product_id: "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", product_identification_helper: { purl: "pkg:oci/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator&tag=2.6.1-9", }, }, }, { category: "product_version", name: "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", product: { name: "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", product_id: "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", product_identification_helper: { purl: "pkg:oci/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8&tag=2.6.1-7", }, }, }, { category: "product_version", name: "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", product: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", product_id: "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", product_identification_helper: { purl: "pkg:oci/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9&tag=2.6.1-4", }, }, }, { category: "product_version", name: "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", product: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", product_id: "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", product_identification_helper: { purl: "pkg:oci/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7?arch=arm64&repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8&tag=2.6.1-6", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", }, product_reference: "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", }, product_reference: "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", }, product_reference: "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", }, product_reference: "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", }, product_reference: "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", }, product_reference: "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", }, product_reference: "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64 as a component of RHOSSM 2.6 for RHEL 8", product_id: "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", }, product_reference: "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", relates_to_product_reference: "8Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64 as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64 as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", relates_to_product_reference: "9Base-RHOSSM-2.6", }, { category: "default_component_of", full_product_name: { name: "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x as a component of RHOSSM 2.6 for RHEL 9", product_id: "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", }, product_reference: "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", relates_to_product_reference: "9Base-RHOSSM-2.6", }, ], }, vulnerabilities: [ { cve: "CVE-2024-4067", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2280601", }, ], notes: [ { category: "description", text: "A flaw was found in the NPM package `micromatch` where it is vulnerable to a regular expression denial of service (ReDoS). The issue occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will readily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.", title: "Vulnerability description", }, { category: "summary", text: "micromatch: vulnerable to Regular Expression Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-4067", }, { category: "external", summary: "RHBZ#2280601", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280601", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-4067", url: "https://www.cve.org/CVERecord?id=CVE-2024-4067", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-4067", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-4067", }, { category: "external", summary: "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/", url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/", }, { category: "external", summary: "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448", url: "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448", }, { category: "external", summary: "https://github.com/micromatch/micromatch/issues/243", url: "https://github.com/micromatch/micromatch/issues/243", }, { category: "external", summary: "https://github.com/micromatch/micromatch/pull/247", url: "https://github.com/micromatch/micromatch/pull/247", }, ], release_date: "2023-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-03T10:05:20+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6211", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "micromatch: vulnerable to Regular Expression Denial of Service", }, { cve: "CVE-2024-4068", cwe: { id: "CWE-1050", name: "Excessive Platform Resource Consumption within a Loop", }, discovery_date: "2024-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2280600", }, ], notes: [ { category: "description", text: "A flaw was found in the NPM package `braces.` It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, causing the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.", title: "Vulnerability description", }, { category: "summary", text: "braces: fails to limit the number of characters it can handle", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-4068", }, { category: "external", summary: "RHBZ#2280600", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280600", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-4068", url: "https://www.cve.org/CVERecord?id=CVE-2024-4068", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", }, { category: "external", summary: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", }, { category: "external", summary: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", url: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", }, { category: "external", summary: "https://github.com/micromatch/braces/issues/35", url: "https://github.com/micromatch/braces/issues/35", }, ], release_date: "2024-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-03T10:05:20+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6211", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "braces: fails to limit the number of characters it can handle", }, { cve: "CVE-2024-29041", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2024-06-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2290901", }, ], notes: [ { category: "description", text: "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", title: "Vulnerability description", }, { category: "summary", text: "express: cause malformed URLs to be evaluated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29041", }, { category: "external", summary: "RHBZ#2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29041", url: "https://www.cve.org/CVERecord?id=CVE-2024-29041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", }, { category: "external", summary: "https://expressjs.com/en/4x/api.html#res.location", url: "https://expressjs.com/en/4x/api.html#res.location", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { category: "external", summary: "https://github.com/expressjs/express/pull/5539", url: "https://github.com/expressjs/express/pull/5539", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { category: "external", summary: "https://github.com/koajs/koa/issues/1800", url: "https://github.com/koajs/koa/issues/1800", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-03T10:05:20+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6211", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "express: cause malformed URLs to be evaluated", }, { cve: "CVE-2024-39338", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-08-13T17:21:32.774718+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2304369", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "axios: axios: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-39338", }, { category: "external", summary: "RHBZ#2304369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2304369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-39338", url: "https://www.cve.org/CVERecord?id=CVE-2024-39338", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", }, { category: "external", summary: "https://github.com/axios/axios/releases", url: "https://github.com/axios/axios/releases", }, { category: "external", summary: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", url: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", }, ], release_date: "2024-08-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-03T10:05:20+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6211", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "axios: axios: Server-Side Request Forgery", }, ], }
rhsa-2024_7624
Vulnerability from csaf_redhat
Published
2024-10-03 11:22
Modified
2024-12-18 04:38
Summary
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.11 security and bug fix update
Notes
Topic
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.14.11 on Red Hat Enterprise Linux 9 from Red Hat Container Registry.
Details
Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.
Enhancement:
While creating object bucket claim (OBC), the `NSFSAccontConfig` attribute provided by the users is supported. (BZ#2271780)
All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.14.11 on Red Hat Enterprise Linux 9 from Red Hat Container Registry.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.\n\nEnhancement: \n\nWhile creating object bucket claim (OBC), the `NSFSAccontConfig` attribute provided by the users is supported. (BZ#2271780)\n\nAll users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7624", url: "https://access.redhat.com/errata/RHSA-2024:7624", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2276934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2276934", }, { category: "external", summary: "2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "2294000", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2294000", }, { category: "external", summary: "2300499", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2300499", }, { category: "external", summary: "2314151", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314151", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7624.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.11 security and bug fix update", tracking: { current_release_date: "2024-12-18T04:38:01+00:00", generator: { date: "2024-12-18T04:38:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2024:7624", initial_release_date: "2024-10-03T11:22:37+00:00", revision_history: [ { date: "2024-10-03T11:22:37+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-03T11:22:37+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-18T04:38:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "RHODF 4.14 for RHEL 9", product: { name: "RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_data_foundation:4.14::el9", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Data Foundation", }, { branches: [ { category: "product_version", name: "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", product: { name: "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", product_id: "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", product_identification_helper: { purl: "pkg:oci/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256?arch=amd64&repository_url=registry.redhat.io/odf4/cephcsi-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", product: { name: "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", product_id: "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", product_identification_helper: { purl: "pkg:oci/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38?arch=amd64&repository_url=registry.redhat.io/odf4/mcg-cli-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", product: { name: "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", product_id: "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", product_identification_helper: { purl: "pkg:oci/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71?arch=amd64&repository_url=registry.redhat.io/odf4/mcg-core-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", product: { name: "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", product_id: "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", product_identification_helper: { purl: "pkg:oci/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff?arch=amd64&repository_url=registry.redhat.io/odf4/mcg-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", product: { name: "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", product_id: "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", product_identification_helper: { purl: "pkg:oci/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d?arch=amd64&repository_url=registry.redhat.io/odf4/mcg-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", product: { name: "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", product_id: "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", product_identification_helper: { purl: "pkg:oci/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-client-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", product: { name: "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", product_id: "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", product_identification_helper: { purl: "pkg:oci/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", product: { name: "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", product_id: "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", product_identification_helper: { purl: "pkg:oci/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", product: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", product_id: "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", product_identification_helper: { purl: "pkg:oci/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", product: { name: "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", product_id: "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", product_identification_helper: { purl: "pkg:oci/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", product: { name: "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", product_id: "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", product_identification_helper: { purl: "pkg:oci/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", product: { name: "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", product_id: "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", product_identification_helper: { purl: "pkg:oci/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c?arch=amd64&repository_url=registry.redhat.io/odf4/odf-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", product: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", product_id: "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", product_identification_helper: { purl: "pkg:oci/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00?arch=amd64&repository_url=registry.redhat.io/odf4/odf-cosi-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", product: { name: "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", product_id: "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205?arch=amd64&repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", product: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", product_id: "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c?arch=amd64&repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", product: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", product_id: "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872?arch=amd64&repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", product: { name: "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", product_id: "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", product_identification_helper: { purl: "pkg:oci/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058?arch=amd64&repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", product: { name: "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", product_id: "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", product_identification_helper: { purl: "pkg:oci/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b?arch=amd64&repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", product: { name: "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", product_id: "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446?arch=amd64&repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", product: { name: "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", product_id: "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", product_identification_helper: { purl: "pkg:oci/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274?arch=amd64&repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", product: { name: "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", product_id: "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", product_identification_helper: { purl: "pkg:oci/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d?arch=amd64&repository_url=registry.redhat.io/odf4/odf-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", product: { name: "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", product_id: "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", product_identification_helper: { purl: "pkg:oci/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018?arch=amd64&repository_url=registry.redhat.io/odf4/odf-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", product: { name: "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", product_id: "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", product_identification_helper: { purl: "pkg:oci/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022?arch=amd64&repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", product: { name: "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", product_id: "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", product_identification_helper: { purl: "pkg:oci/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef?arch=amd64&repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", product: { name: "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", product_id: "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", product_identification_helper: { purl: "pkg:oci/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598?arch=amd64&repository_url=registry.redhat.io/odf4/odr-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", product: { name: "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", product_id: "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", product_identification_helper: { purl: "pkg:oci/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88?arch=amd64&repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator&tag=v4.14.11-2", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", product: { name: "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", product_id: "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", product_identification_helper: { purl: "pkg:oci/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b?arch=s390x&repository_url=registry.redhat.io/odf4/cephcsi-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", product: { name: "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", product_id: "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", product_identification_helper: { purl: "pkg:oci/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2?arch=s390x&repository_url=registry.redhat.io/odf4/mcg-cli-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", product: { name: "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", product_id: "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", product_identification_helper: { purl: "pkg:oci/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b?arch=s390x&repository_url=registry.redhat.io/odf4/mcg-core-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", product: { name: "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", product_id: "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", product_identification_helper: { purl: "pkg:oci/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7?arch=s390x&repository_url=registry.redhat.io/odf4/mcg-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", product: { name: "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", product_id: "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", product_identification_helper: { purl: "pkg:oci/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64?arch=s390x&repository_url=registry.redhat.io/odf4/mcg-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", product: { name: "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", product_id: "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", product_identification_helper: { purl: "pkg:oci/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-client-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", product: { name: "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", product_id: "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", product_identification_helper: { purl: "pkg:oci/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", product: { name: "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", product_id: "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", product_identification_helper: { purl: "pkg:oci/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", product: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", product_id: "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", product_identification_helper: { purl: "pkg:oci/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", product: { name: "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", product_id: "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", product_identification_helper: { purl: "pkg:oci/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", product: { name: "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", product_id: "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", product_identification_helper: { purl: "pkg:oci/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", product: { name: "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", product_id: "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", product_identification_helper: { purl: "pkg:oci/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7?arch=s390x&repository_url=registry.redhat.io/odf4/odf-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", product: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", product_id: "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", product_identification_helper: { purl: "pkg:oci/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6?arch=s390x&repository_url=registry.redhat.io/odf4/odf-cosi-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", product: { name: "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", product_id: "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79?arch=s390x&repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", product: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", product_id: "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c?arch=s390x&repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", product: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", product_id: "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb?arch=s390x&repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", product: { name: "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", product_id: "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", product_identification_helper: { purl: "pkg:oci/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f?arch=s390x&repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", product: { name: "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", product_id: "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", product_identification_helper: { purl: "pkg:oci/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f?arch=s390x&repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", product: { name: "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", product_id: "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb?arch=s390x&repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", product: { name: "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", product_id: "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", product_identification_helper: { purl: "pkg:oci/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8?arch=s390x&repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", product: { name: "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", product_id: "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", product_identification_helper: { purl: "pkg:oci/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01?arch=s390x&repository_url=registry.redhat.io/odf4/odf-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", product: { name: "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", product_id: "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", product_identification_helper: { purl: "pkg:oci/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76?arch=s390x&repository_url=registry.redhat.io/odf4/odf-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", product: { name: "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", product_id: "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", product_identification_helper: { purl: "pkg:oci/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f?arch=s390x&repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", product: { name: "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", product_id: "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", product_identification_helper: { purl: "pkg:oci/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316?arch=s390x&repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", product: { name: "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", product_id: "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", product_identification_helper: { purl: "pkg:oci/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374?arch=s390x&repository_url=registry.redhat.io/odf4/odr-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", product: { name: "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", product_id: "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", product_identification_helper: { purl: "pkg:oci/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088?arch=s390x&repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator&tag=v4.14.11-2", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", product: { name: "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", product_id: "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", product_identification_helper: { purl: "pkg:oci/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b?arch=ppc64le&repository_url=registry.redhat.io/odf4/cephcsi-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", product: { name: "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", product_id: "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", product_identification_helper: { purl: "pkg:oci/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b?arch=ppc64le&repository_url=registry.redhat.io/odf4/mcg-cli-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", product: { name: "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", product_id: "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", product_identification_helper: { purl: "pkg:oci/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7?arch=ppc64le&repository_url=registry.redhat.io/odf4/mcg-core-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", product: { name: "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", product_id: "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", product_identification_helper: { purl: "pkg:oci/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349?arch=ppc64le&repository_url=registry.redhat.io/odf4/mcg-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", product: { name: "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", product_id: "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", product_identification_helper: { purl: "pkg:oci/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd?arch=ppc64le&repository_url=registry.redhat.io/odf4/mcg-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", product: { name: "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", product_id: "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-client-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", product: { name: "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", product_id: "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", product: { name: "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", product_id: "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", product: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", product_id: "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9&tag=v4.14.11-2", }, }, }, { category: "product_version", name: "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", product: { name: "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", product_id: "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", product: { name: "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", product_id: "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", product: { name: "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", product_id: "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", product: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", product_id: "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-cosi-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", product: { name: "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", product_id: "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", product: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", product_id: "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", product: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", product_id: "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", product: { name: "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", product_id: "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", product: { name: "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", product_id: "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", product: { name: "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", product_id: "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", product: { name: "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", product_id: "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", product: { name: "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", product_id: "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", product: { name: "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", product_id: "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", product: { name: "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", product_id: "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", product_identification_helper: { purl: "pkg:oci/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3?arch=ppc64le&repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", product: { name: "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", product_id: "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", product_identification_helper: { purl: "pkg:oci/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c?arch=ppc64le&repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle&tag=v4.14.11-3", }, }, }, { category: "product_version", name: "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", product: { name: "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", product_id: "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", product_identification_helper: { purl: "pkg:oci/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf?arch=ppc64le&repository_url=registry.redhat.io/odf4/odr-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", product: { name: "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", product_id: "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", product_identification_helper: { purl: "pkg:oci/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86?arch=ppc64le&repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator&tag=v4.14.11-2", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", product: { name: "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", product_id: "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", product_identification_helper: { purl: "pkg:oci/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f?arch=arm64&repository_url=registry.redhat.io/odf4/mcg-cli-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", product: { name: "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", product_id: "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", product_identification_helper: { purl: "pkg:oci/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0?arch=arm64&repository_url=registry.redhat.io/odf4/mcg-core-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", product: { name: "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", product_id: "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", product_identification_helper: { purl: "pkg:oci/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d?arch=arm64&repository_url=registry.redhat.io/odf4/mcg-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", product: { name: "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", product_id: "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", product_identification_helper: { purl: "pkg:oci/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140?arch=arm64&repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", product: { name: "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", product_id: "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", product_identification_helper: { purl: "pkg:oci/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1?arch=arm64&repository_url=registry.redhat.io/odf4/ocs-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", product: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", product_id: "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d?arch=arm64&repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", product: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", product_id: "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", product_identification_helper: { purl: "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461?arch=arm64&repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", product: { name: "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", product_id: "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36?arch=arm64&repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", product: { name: "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", product_id: "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", product_identification_helper: { purl: "pkg:oci/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f?arch=arm64&repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", product: { name: "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", product_id: "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", product_identification_helper: { purl: "pkg:oci/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8?arch=arm64&repository_url=registry.redhat.io/odf4/odf-rhel9-operator&tag=v4.14.11-1", }, }, }, { category: "product_version", name: "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", product: { name: "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", product_id: "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", product_identification_helper: { purl: "pkg:oci/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed?arch=arm64&repository_url=registry.redhat.io/odf4/odr-rhel9-operator&tag=v4.14.11-1", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", }, product_reference: "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", }, product_reference: "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", }, product_reference: "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", }, product_reference: "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", }, product_reference: "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", }, product_reference: "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", }, product_reference: "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", }, product_reference: "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", }, product_reference: "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", }, product_reference: "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", }, product_reference: "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", }, product_reference: "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", }, product_reference: "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", }, product_reference: "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", }, product_reference: "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", }, product_reference: "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", }, product_reference: "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", }, product_reference: "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", }, product_reference: "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", }, product_reference: "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", }, product_reference: "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", }, product_reference: "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", }, product_reference: "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", }, product_reference: "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", }, product_reference: "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", }, product_reference: "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", }, product_reference: "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", }, product_reference: "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", }, product_reference: "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", }, product_reference: "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", }, product_reference: "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", }, product_reference: "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", }, product_reference: "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", }, product_reference: "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", }, product_reference: "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", }, product_reference: "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", }, product_reference: "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", }, product_reference: "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", }, product_reference: "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", }, product_reference: "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", }, product_reference: "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", }, product_reference: "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", }, product_reference: "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", }, product_reference: "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", }, product_reference: "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", }, product_reference: "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", }, product_reference: "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", }, product_reference: "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", }, product_reference: "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", }, product_reference: "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", }, product_reference: "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", }, product_reference: "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", }, product_reference: "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", }, product_reference: "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", }, product_reference: "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", }, product_reference: "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", }, product_reference: "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", }, product_reference: "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", }, product_reference: "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", }, product_reference: "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", }, product_reference: "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", }, product_reference: "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", }, product_reference: "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", }, product_reference: "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", }, product_reference: "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", }, product_reference: "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", }, product_reference: "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", }, product_reference: "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", }, product_reference: "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", }, product_reference: "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", }, product_reference: "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", }, product_reference: "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", }, product_reference: "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", }, product_reference: "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", }, product_reference: "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", }, product_reference: "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", }, product_reference: "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", }, product_reference: "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", }, product_reference: "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", }, product_reference: "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", }, product_reference: "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", }, product_reference: "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", }, product_reference: "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", }, product_reference: "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", }, product_reference: "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", }, product_reference: "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", }, product_reference: "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64 as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", }, product_reference: "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", relates_to_product_reference: "9Base-RHODF-4.14", }, { category: "default_component_of", full_product_name: { name: "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x as a component of RHODF 4.14 for RHEL 9", product_id: "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", }, product_reference: "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", relates_to_product_reference: "9Base-RHODF-4.14", }, ], }, vulnerabilities: [ { cve: "CVE-2024-6104", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, discovery_date: "2024-06-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2294000", }, ], notes: [ { category: "description", text: "A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.", title: "Vulnerability description", }, { category: "summary", text: "go-retryablehttp: url might write sensitive information to log file", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", ], known_not_affected: [ "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-6104", }, { category: "external", summary: "RHBZ#2294000", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2294000", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-6104", url: "https://www.cve.org/CVERecord?id=CVE-2024-6104", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-6104", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-6104", }, ], release_date: "2024-06-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-03T11:22:37+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7624", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "go-retryablehttp: url might write sensitive information to log file", }, { cve: "CVE-2024-29041", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2024-06-07T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2290901", }, ], notes: [ { category: "description", text: "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", title: "Vulnerability description", }, { category: "summary", text: "express: cause malformed URLs to be evaluated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", ], known_not_affected: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29041", }, { category: "external", summary: "RHBZ#2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29041", url: "https://www.cve.org/CVERecord?id=CVE-2024-29041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", }, { category: "external", summary: "https://expressjs.com/en/4x/api.html#res.location", url: "https://expressjs.com/en/4x/api.html#res.location", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { category: "external", summary: "https://github.com/expressjs/express/pull/5539", url: "https://github.com/expressjs/express/pull/5539", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { category: "external", summary: "https://github.com/koajs/koa/issues/1800", url: "https://github.com/koajs/koa/issues/1800", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-03T11:22:37+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7624", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "express: cause malformed URLs to be evaluated", }, { cve: "CVE-2024-41818", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-07-29T16:24:42+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2300499", }, ], notes: [ { category: "description", text: "A regular expression denial of service (ReDoS) flaw was found in fast-xml-parser in the currency.js script. By sending a specially crafted regex input, a remote attacker could cause a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "fast-xml-parser: ReDOS at currency parsing in currency.js", title: "Vulnerability summary", }, { category: "other", text: "Red Hat has decided to rate this vulnerability as Important due to the potential loss of Availability and the low complexity.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", ], known_not_affected: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-41818", }, { category: "external", summary: "RHBZ#2300499", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2300499", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-41818", url: "https://www.cve.org/CVERecord?id=CVE-2024-41818", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-41818", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-41818", }, { category: "external", summary: "https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10", url: "https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10", }, { category: "external", summary: "https://github.com/NaturalIntelligence/fast-xml-parser/commit/d0bfe8a3a2813a185f39591bbef222212d856164", url: "https://github.com/NaturalIntelligence/fast-xml-parser/commit/d0bfe8a3a2813a185f39591bbef222212d856164", }, { category: "external", summary: "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v", url: "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v", }, ], release_date: "2024-07-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-10-03T11:22:37+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7624", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "fast-xml-parser: ReDOS at currency parsing in currency.js", }, ], }
RHSA-2024:7164
Vulnerability from csaf_redhat
Published
2024-09-26 03:46
Modified
2025-04-10 00:21
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.4 security and bug fix update
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.8.4 is now available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)
* express: cause malformed URLs to be evaluated (CVE-2024-29041)
* axios: axios: Server-Side Request Forgery (CVE-2024-39338)
* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)
* jose-go: improper handling of highly compressed data (CVE-2024-28180)
* follow-redirects: Possible credential leak (CVE-2024-28849)
* moby: external DNS requests from 'internal' networks could lead to data exfiltration (CVE-2024-29018)
* containers/image: digest type does not guarantee valid type (CVE-2024-3727)
* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)
* braces: fails to limit the number of characters it can handle (CVE-2024-4068)
* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "The Migration Toolkit for Containers (MTC) 1.8.4 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\n* express: cause malformed URLs to be evaluated (CVE-2024-29041)\n\n* axios: axios: Server-Side Request Forgery (CVE-2024-39338)\n\n* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)\n\n* jose-go: improper handling of highly compressed data (CVE-2024-28180)\n\n* follow-redirects: Possible credential leak (CVE-2024-28849)\n\n* moby: external DNS requests from 'internal' networks could lead to data exfiltration (CVE-2024-29018)\n\n* containers/image: digest type does not guarantee valid type (CVE-2024-3727)\n\n* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)\n\n* braces: fails to limit the number of characters it can handle (CVE-2024-4068)\n\n* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:7164", url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2268018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", }, { category: "external", summary: "2268273", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", }, { category: "external", summary: "2268854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268854", }, { category: "external", summary: "2269576", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2269576", }, { category: "external", summary: "2270591", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270591", }, { category: "external", summary: "2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "2274767", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", }, { category: "external", summary: "2279814", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", }, { category: "external", summary: "2280600", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280600", }, { category: "external", summary: "2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "2293200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2293200", }, { category: "external", summary: "2295302", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295302", }, { category: "external", summary: "2299624", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2299624", }, { category: "external", summary: "2299625", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2299625", }, { category: "external", summary: "2299628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2299628", }, { category: "external", summary: "2299668", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2299668", }, { category: "external", summary: "MIG-1592", url: "https://issues.redhat.com/browse/MIG-1592", }, { category: "external", summary: "MIG-1593", url: "https://issues.redhat.com/browse/MIG-1593", }, { category: "external", summary: "MIG-1598", url: "https://issues.redhat.com/browse/MIG-1598", }, { category: "external", summary: "MIG-1610", url: "https://issues.redhat.com/browse/MIG-1610", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7164.json", }, ], title: "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.4 security and bug fix update", tracking: { current_release_date: "2025-04-10T00:21:07+00:00", generator: { date: "2025-04-10T00:21:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:7164", initial_release_date: "2024-09-26T03:46:53+00:00", revision_history: [ { date: "2024-09-26T03:46:53+00:00", number: "1", summary: "Initial version", }, { date: "2024-09-26T03:46:53+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-10T00:21:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "8Base-RHMTC-1.8", product: { name: "8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8", product_identification_helper: { cpe: "cpe:/a:redhat:rhmt:1.8::el8", }, }, }, ], category: "product_family", name: "Red Hat Migration Toolkit", }, { branches: [ { category: "product_version", name: "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", product: { name: "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", product_id: "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8&tag=v1.8.4-22", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", product: { name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", product_id: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8&tag=v1.8.4-8", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", product: { name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", product_id: "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8&tag=v1.8.4-10", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", product: { name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", product_id: "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8&tag=v1.8.4-16", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", product: { name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", product_id: "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8&tag=v1.8.4-10", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", product: { name: "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", product_id: "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator&tag=v1.8.4-16", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", product: { name: "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", product_id: "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle&tag=v1.8.4-33", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", product: { name: "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", product_id: "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8&tag=v1.8.4-11", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", product: { name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", product_id: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8&tag=v1.8.4-9", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", product: { name: "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", product_id: "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8&tag=v1.8.4-10", }, }, }, { category: "product_version", name: "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", product: { name: "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", product_id: "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", product_identification_helper: { purl: "pkg:oci/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9?arch=amd64&repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8&tag=v1.8.4-9", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", }, product_reference: "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", }, product_reference: "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", }, product_reference: "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", }, product_reference: "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", }, product_reference: "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", }, product_reference: "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", }, product_reference: "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", }, product_reference: "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", }, product_reference: "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", }, product_reference: "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, { category: "default_component_of", full_product_name: { name: "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64 as a component of 8Base-RHMTC-1.8", product_id: "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", }, product_reference: "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", relates_to_product_reference: "8Base-RHMTC-1.8", }, ], }, vulnerabilities: [ { cve: "CVE-2019-25211", cwe: { id: "CWE-346", name: "Origin Validation Error", }, discovery_date: "2024-07-02T21:00:45+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295302", }, ], notes: [ { category: "description", text: "parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.", title: "Vulnerability description", }, { category: "summary", text: "github.com/gin-contrib/cors: Gin mishandles a wildcard in the origin string in github.com/gin-contrib/cors", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-25211", }, { category: "external", summary: "RHBZ#2295302", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295302", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-25211", url: "https://www.cve.org/CVERecord?id=CVE-2019-25211", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-25211", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-25211", }, { category: "external", summary: "https://github.com/advisories/GHSA-869c-j7wc-8jqv", url: "https://github.com/advisories/GHSA-869c-j7wc-8jqv", }, { category: "external", summary: "https://github.com/gin-contrib/cors/commit/27b723a473efd80d5a498fa9f5933c80204c850d", url: "https://github.com/gin-contrib/cors/commit/27b723a473efd80d5a498fa9f5933c80204c850d", }, { category: "external", summary: "https://github.com/gin-contrib/cors/compare/v1.5.0...v1.6.0", url: "https://github.com/gin-contrib/cors/compare/v1.5.0...v1.6.0", }, { category: "external", summary: "https://github.com/gin-contrib/cors/pull/106", url: "https://github.com/gin-contrib/cors/pull/106", }, { category: "external", summary: "https://github.com/gin-contrib/cors/pull/57", url: "https://github.com/gin-contrib/cors/pull/57", }, { category: "external", summary: "https://github.com/gin-contrib/cors/releases/tag/v1.6.0", url: "https://github.com/gin-contrib/cors/releases/tag/v1.6.0", }, ], release_date: "2024-07-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "github.com/gin-contrib/cors: Gin mishandles a wildcard in the origin string in github.com/gin-contrib/cors", }, { acknowledgments: [ { names: [ "Bartek Nowotarski", ], organization: "nowotarski.info", }, ], cve: "CVE-2023-45288", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-03-06T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268273", }, ], notes: [ { category: "description", text: "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", title: "Vulnerability summary", }, { category: "other", text: "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the “Affected Packages and Issued Red Hat Security Errata” section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-45288", }, { category: "external", summary: "RHBZ#2268273", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-45288", url: "https://www.cve.org/CVERecord?id=CVE-2023-45288", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", }, { category: "external", summary: "https://nowotarski.info/http2-continuation-flood/", url: "https://nowotarski.info/http2-continuation-flood/", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2687", url: "https://pkg.go.dev/vuln/GO-2024-2687", }, { category: "external", summary: "https://www.kb.cert.org/vuls/id/421644", url: "https://www.kb.cert.org/vuls/id/421644", }, ], release_date: "2024-04-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", }, { cve: "CVE-2023-45289", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2024-03-05T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268018", }, ], notes: [ { category: "description", text: "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-45289", }, { category: "external", summary: "RHBZ#2268018", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-45289", url: "https://www.cve.org/CVERecord?id=CVE-2023-45289", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", }, ], release_date: "2024-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", }, { cve: "CVE-2024-3727", cwe: { id: "CWE-354", name: "Improper Validation of Integrity Check Value", }, discovery_date: "2024-04-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2274767", }, ], notes: [ { category: "description", text: "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.", title: "Vulnerability description", }, { category: "summary", text: "containers/image: digest type does not guarantee valid type", title: "Vulnerability summary", }, { category: "other", text: "Some conditions are necessary for this attack to occur, such as the attacker being able to upload malicious images to the registry and persuade a victim to pull them. Hence, the severity of this flaw was rated as Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-3727", }, { category: "external", summary: "RHBZ#2274767", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-3727", url: "https://www.cve.org/CVERecord?id=CVE-2024-3727", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-3727", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-3727", }, ], release_date: "2024-05-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "containers/image: digest type does not guarantee valid type", }, { cve: "CVE-2024-4068", cwe: { id: "CWE-1050", name: "Excessive Platform Resource Consumption within a Loop", }, discovery_date: "2024-05-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2280600", }, ], notes: [ { category: "description", text: "A flaw was found in the NPM package `braces.` It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, causing the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.", title: "Vulnerability description", }, { category: "summary", text: "braces: fails to limit the number of characters it can handle", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-4068", }, { category: "external", summary: "RHBZ#2280600", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2280600", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-4068", url: "https://www.cve.org/CVERecord?id=CVE-2024-4068", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", }, { category: "external", summary: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", url: "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", }, { category: "external", summary: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", url: "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", }, { category: "external", summary: "https://github.com/micromatch/braces/issues/35", url: "https://github.com/micromatch/braces/issues/35", }, ], release_date: "2024-03-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "braces: fails to limit the number of characters it can handle", }, { cve: "CVE-2024-24788", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-05-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2279814", }, ], notes: [ { category: "description", text: "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", title: "Vulnerability description", }, { category: "summary", text: "golang: net: malformed DNS message can cause infinite loop", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24788", }, { category: "external", summary: "RHBZ#2279814", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24788", url: "https://www.cve.org/CVERecord?id=CVE-2024-24788", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24788", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24788", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-2824", url: "https://pkg.go.dev/vuln/GO-2024-2824", }, ], release_date: "2024-05-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net: malformed DNS message can cause infinite loop", }, { cve: "CVE-2024-28180", cwe: { id: "CWE-409", name: "Improper Handling of Highly Compressed Data (Data Amplification)", }, discovery_date: "2024-03-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2268854", }, ], notes: [ { category: "description", text: "A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.", title: "Vulnerability description", }, { category: "summary", text: "jose-go: improper handling of highly compressed data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28180", }, { category: "external", summary: "RHBZ#2268854", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2268854", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28180", url: "https://www.cve.org/CVERecord?id=CVE-2024-28180", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28180", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28180", }, { category: "external", summary: "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g", url: "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g", }, ], release_date: "2024-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jose-go: improper handling of highly compressed data", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2024-03-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2269576", }, ], notes: [ { category: "description", text: "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "follow-redirects: Possible credential leak", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28849", }, { category: "external", summary: "RHBZ#2269576", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2269576", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28849", url: "https://www.cve.org/CVERecord?id=CVE-2024-28849", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", }, { category: "external", summary: "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", url: "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", }, ], release_date: "2024-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "follow-redirects: Possible credential leak", }, { cve: "CVE-2024-28863", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-06-20T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2293200", }, ], notes: [ { category: "description", text: "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", title: "Vulnerability description", }, { category: "summary", text: "node-tar: denial of service while parsing a tar file due to lack of folders depth validation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-28863", }, { category: "external", summary: "RHBZ#2293200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2293200", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-28863", url: "https://www.cve.org/CVERecord?id=CVE-2024-28863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-28863", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28863", }, { category: "external", summary: "https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36", url: "https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36", }, { category: "external", summary: "https://security.netapp.com/advisory/ntap-20240524-0005/", url: "https://security.netapp.com/advisory/ntap-20240524-0005/", }, ], release_date: "2024-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "node-tar: denial of service while parsing a tar file due to lack of folders depth validation", }, { cve: "CVE-2024-29018", cwe: { id: "CWE-669", name: "Incorrect Resource Transfer Between Spheres", }, discovery_date: "2024-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270591", }, ], notes: [ { category: "description", text: "A vulnerability was found in Moby due to excessive data output in external DNS requests from \"internal\" networks, enabling unauthorized access to sensitive system information by remote attackers. This flaw allows attackers to gain access to sensitive information by exploiting incorrect resource transfer between spheres through specially crafted requests.", title: "Vulnerability description", }, { category: "summary", text: "moby: external DNS requests from 'internal' networks could lead to data exfiltration", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29018", }, { category: "external", summary: "RHBZ#2270591", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270591", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29018", url: "https://www.cve.org/CVERecord?id=CVE-2024-29018", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29018", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29018", }, { category: "external", summary: "https://github.com/moby/moby/pull/46609", url: "https://github.com/moby/moby/pull/46609", }, { category: "external", summary: "https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx", url: "https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx", }, ], release_date: "2024-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "moby: external DNS requests from 'internal' networks could lead to data exfiltration", }, { cve: "CVE-2024-29041", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, discovery_date: "2024-06-07T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2290901", }, ], notes: [ { category: "description", text: "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", title: "Vulnerability description", }, { category: "summary", text: "express: cause malformed URLs to be evaluated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29041", }, { category: "external", summary: "RHBZ#2290901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2290901", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29041", url: "https://www.cve.org/CVERecord?id=CVE-2024-29041", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", }, { category: "external", summary: "https://expressjs.com/en/4x/api.html#res.location", url: "https://expressjs.com/en/4x/api.html#res.location", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { category: "external", summary: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { category: "external", summary: "https://github.com/expressjs/express/pull/5539", url: "https://github.com/expressjs/express/pull/5539", }, { category: "external", summary: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { category: "external", summary: "https://github.com/koajs/koa/issues/1800", url: "https://github.com/koajs/koa/issues/1800", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "express: cause malformed URLs to be evaluated", }, { cve: "CVE-2024-29180", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2024-03-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2270863", }, ], notes: [ { category: "description", text: "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", title: "Vulnerability description", }, { category: "summary", text: "webpack-dev-middleware: lack of URL validation may lead to file leak", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29180", }, { category: "external", summary: "RHBZ#2270863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2270863", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29180", url: "https://www.cve.org/CVERecord?id=CVE-2024-29180", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", }, { category: "external", summary: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", url: "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", }, ], release_date: "2024-03-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "webpack-dev-middleware: lack of URL validation may lead to file leak", }, { cve: "CVE-2024-39338", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-08-13T17:21:32.774718+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2304369", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "axios: axios: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], known_not_affected: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-39338", }, { category: "external", summary: "RHBZ#2304369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2304369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-39338", url: "https://www.cve.org/CVERecord?id=CVE-2024-39338", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", }, { category: "external", summary: "https://github.com/axios/axios/releases", url: "https://github.com/axios/axios/releases", }, { category: "external", summary: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", url: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", }, ], release_date: "2024-08-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-26T03:46:53+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "axios: axios: Server-Side Request Forgery", }, ], }
ncsc-2025-0026
Vulnerability from csaf_ncscnl
Published
2025-01-22 13:34
Modified
2025-01-22 13:34
Summary
Kwetsbaarheden verholpen in Oracle JD Edwards
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in JD Edwards EnterpriseOne Tools (specifiek voor versies prior tot 9.2.9.2).
Interpretaties
De kwetsbaarheden in Oracle JD Edwards EnterpriseOne Tools stellen ongeauthenticeerde kwaadwillenden in staat om het systeem te compromitteren via HTTP-verzoeken. Dit kan leiden tot ongeautoriseerde toegang tot kritieke gegevens en gegevenswijzigingen.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-222
Truncation of Security-relevant Information
CWE-328
Use of Weak Hash
CWE-126
Buffer Over-read
CWE-379
Creation of Temporary File in Directory with Insecure Permissions
CWE-440
Expected Behavior Violation
CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-354
Improper Validation of Integrity Check Value
CWE-552
Files or Directories Accessible to External Parties
CWE-757
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE-400
Uncontrolled Resource Consumption
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-787
Out-of-bounds Write
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-606
Unchecked Input for Loop Condition
CWE-1322
Use of Blocking Code in Single-threaded, Non-blocking Context
CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-325
Missing Cryptographic Step
CWE-125
Out-of-bounds Read
CWE-404
Improper Resource Shutdown or Release
CWE-476
NULL Pointer Dereference
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-502
Deserialization of Untrusted Data
CWE-122
Heap-based Buffer Overflow
CWE-20
Improper Input Validation
CWE-276
Incorrect Default Permissions
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in JD Edwards EnterpriseOne Tools (specifiek voor versies prior tot 9.2.9.2).", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden in Oracle JD Edwards EnterpriseOne Tools stellen ongeauthenticeerde kwaadwillenden in staat om het systeem te compromitteren via HTTP-verzoeken. Dit kan leiden tot ongeautoriseerde toegang tot kritieke gegevens en gegevenswijzigingen.", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Use of Weak Hash", title: "CWE-328", }, { category: "general", text: "Buffer Over-read", title: "CWE-126", }, { category: "general", text: "Creation of Temporary File in Directory with Insecure Permissions", title: "CWE-379", }, { category: "general", text: "Expected Behavior Violation", title: "CWE-440", }, { category: "general", text: "Improper Validation of Syntactic Correctness of Input", title: "CWE-1286", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, { category: "general", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", title: "CWE-757", }, { category: "general", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Use of Blocking Code in Single-threaded, Non-blocking Context", title: "CWE-1322", }, { category: "general", text: "Improper Handling of Insufficient Permissions or Privileges ", title: "CWE-280", }, { category: "general", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "general", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", title: "CWE-74", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Incorrect Default Permissions", title: "CWE-276", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujan2025.html", }, ], title: "Kwetsbaarheden verholpen in Oracle JD Edwards", tracking: { current_release_date: "2025-01-22T13:34:42.937250Z", id: "NCSC-2025-0026", initial_release_date: "2025-01-22T13:34:42.937250Z", revision_history: [ { date: "2025-01-22T13:34:42.937250Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "jd_edwards_enterpriseone_orchestrator", product: { name: "jd_edwards_enterpriseone_orchestrator", product_id: "CSAFPID-266143", product_identification_helper: { cpe: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "jd_edwards_enterpriseone_orchestrator", product: { name: "jd_edwards_enterpriseone_orchestrator", product_id: "CSAFPID-1751193", product_identification_helper: { cpe: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.9.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "jd_edwards_enterpriseone_orchestrator", product: { name: "jd_edwards_enterpriseone_orchestrator", product_id: "CSAFPID-1751158", product_identification_helper: { cpe: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:prior_to_9.2.9.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "jd_edwards_enterpriseone_tools", product: { name: "jd_edwards_enterpriseone_tools", product_id: "CSAFPID-266526", product_identification_helper: { cpe: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "jd_edwards_enterpriseone_tools", product: { name: "jd_edwards_enterpriseone_tools", product_id: "CSAFPID-611382", product_identification_helper: { cpe: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "jd_edwards_enterpriseone_tools", product: { name: "jd_edwards_enterpriseone_tools", product_id: "CSAFPID-1751099", product_identification_helper: { cpe: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "jd_edwards_enterpriseone_tools", product: { name: "jd_edwards_enterpriseone_tools", product_id: "CSAFPID-1751092", product_identification_helper: { cpe: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.9.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "jd_edwards_enterpriseone_tools", product: { name: "jd_edwards_enterpriseone_tools", product_id: "CSAFPID-1650738", product_identification_helper: { cpe: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:prior_to_9.2.8.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "jd_edwards_enterpriseone_tools", product: { name: "jd_edwards_enterpriseone_tools", product_id: "CSAFPID-1751123", product_identification_helper: { cpe: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:prior_to_9.2.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "jd_edwards_enterpriseone_tools", product: { name: "jd_edwards_enterpriseone_tools", product_id: "CSAFPID-1751154", product_identification_helper: { cpe: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:prior_to_9.2.9.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "jd_edwards_world_security", product: { name: "jd_edwards_world_security", product_id: "CSAFPID-41391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-2976", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, notes: [ { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "other", text: "Creation of Temporary File in Directory with Insecure Permissions", title: "CWE-379", }, ], product_status: { known_affected: [ "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-611382", "CSAFPID-41391", "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2023-2976", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-611382", "CSAFPID-41391", "CSAFPID-1751123", ], }, ], title: "CVE-2023-2976", }, { cve: "CVE-2023-3961", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1751154", ], }, references: [ { category: "self", summary: "CVE-2023-3961", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3961.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751154", ], }, ], title: "CVE-2023-3961", }, { cve: "CVE-2023-4091", cwe: { id: "CWE-276", name: "Incorrect Default Permissions", }, notes: [ { category: "other", text: "Incorrect Default Permissions", title: "CWE-276", }, { category: "other", text: "Improper Handling of Insufficient Permissions or Privileges ", title: "CWE-280", }, ], product_status: { known_affected: [ "CSAFPID-1751154", ], }, references: [ { category: "self", summary: "CVE-2023-4091", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4091.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751154", ], }, ], title: "CVE-2023-4091", }, { cve: "CVE-2023-4782", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1751154", ], }, references: [ { category: "self", summary: "CVE-2023-4782", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4782.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751154", ], }, ], title: "CVE-2023-4782", }, { cve: "CVE-2023-5678", cwe: { id: "CWE-754", name: "Improper Check for Unusual or Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "other", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-41391", "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2023-5678", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json", }, ], title: "CVE-2023-5678", }, { cve: "CVE-2023-6129", cwe: { id: "CWE-328", name: "Use of Weak Hash", }, notes: [ { category: "other", text: "Use of Weak Hash", title: "CWE-328", }, { category: "other", text: "Expected Behavior Violation", title: "CWE-440", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "other", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, ], product_status: { known_affected: [ "CSAFPID-41391", "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2023-6129", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6129.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-41391", "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-1751123", ], }, ], title: "CVE-2023-6129", }, { cve: "CVE-2023-38552", cwe: { id: "CWE-354", name: "Improper Validation of Integrity Check Value", }, notes: [ { category: "other", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1650738", "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-41391", "CSAFPID-1751154", ], }, references: [ { category: "self", summary: "CVE-2023-38552", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38552.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-1650738", "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-41391", "CSAFPID-1751154", ], }, ], title: "CVE-2023-38552", }, { cve: "CVE-2023-39017", product_status: { known_affected: [ "CSAFPID-611382", ], }, references: [ { category: "self", summary: "CVE-2023-39017", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39017.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-611382", ], }, ], title: "CVE-2023-39017", }, { cve: "CVE-2023-42669", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Use of Blocking Code in Single-threaded, Non-blocking Context", title: "CWE-1322", }, ], product_status: { known_affected: [ "CSAFPID-1751154", ], }, references: [ { category: "self", summary: "CVE-2023-42669", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42669.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751154", ], }, ], title: "CVE-2023-42669", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "other", text: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", title: "CWE-757", }, { category: "other", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, ], product_status: { known_affected: [ "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-41391", "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-41391", "CSAFPID-1751123", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2024-0727", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-41391", "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2024-0727", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0727.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-41391", "CSAFPID-1751123", ], }, ], title: "CVE-2024-0727", }, { cve: "CVE-2024-21245", product_status: { known_affected: [ "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2024-21245", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21245.json", }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1751123", ], }, ], title: "CVE-2024-21245", }, { cve: "CVE-2024-22019", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-1751154", "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-41391", ], }, references: [ { category: "self", summary: "CVE-2024-22019", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22019.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-1751154", "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-41391", ], }, ], title: "CVE-2024-22019", }, { cve: "CVE-2024-22020", product_status: { known_affected: [ "CSAFPID-1751154", ], }, references: [ { category: "self", summary: "CVE-2024-22020", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22020.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-1751154", ], }, ], title: "CVE-2024-22020", }, { cve: "CVE-2024-27280", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "other", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "other", text: "Buffer Over-read", title: "CWE-126", }, ], product_status: { known_affected: [ "CSAFPID-1751154", ], }, references: [ { category: "self", summary: "CVE-2024-27280", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27280.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751154", ], }, ], title: "CVE-2024-27280", }, { cve: "CVE-2024-27281", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, notes: [ { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "other", text: "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", title: "CWE-74", }, ], product_status: { known_affected: [ "CSAFPID-1751154", ], }, references: [ { category: "self", summary: "CVE-2024-27281", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27281.json", }, ], title: "CVE-2024-27281", }, { cve: "CVE-2024-27282", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1751154", ], }, references: [ { category: "self", summary: "CVE-2024-27282", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27282.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751154", ], }, ], title: "CVE-2024-27282", }, { cve: "CVE-2024-27983", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1650738", "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-41391", "CSAFPID-1751154", ], }, references: [ { category: "self", summary: "CVE-2024-27983", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27983.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-1650738", "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-41391", "CSAFPID-1751154", ], }, ], title: "CVE-2024-27983", }, { cve: "CVE-2024-29041", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "other", text: "Improper Validation of Syntactic Correctness of Input", title: "CWE-1286", }, ], product_status: { known_affected: [ "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-41391", "CSAFPID-1751154", ], }, references: [ { category: "self", summary: "CVE-2024-29041", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29041.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-266143", "CSAFPID-266526", "CSAFPID-41391", "CSAFPID-1751154", ], }, ], title: "CVE-2024-29041", }, { cve: "CVE-2025-21507", product_status: { known_affected: [ "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2025-21507", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21507.json", }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1751123", ], }, ], title: "CVE-2025-21507", }, { cve: "CVE-2025-21508", product_status: { known_affected: [ "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2025-21508", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21508.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751123", ], }, ], title: "CVE-2025-21508", }, { cve: "CVE-2025-21509", product_status: { known_affected: [ "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2025-21509", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21509.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751123", ], }, ], title: "CVE-2025-21509", }, { cve: "CVE-2025-21510", product_status: { known_affected: [ "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2025-21510", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21510.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1751123", ], }, ], title: "CVE-2025-21510", }, { cve: "CVE-2025-21511", product_status: { known_affected: [ "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2025-21511", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21511.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1751123", ], }, ], title: "CVE-2025-21511", }, { cve: "CVE-2025-21512", product_status: { known_affected: [ "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2025-21512", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21512.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1751123", ], }, ], title: "CVE-2025-21512", }, { cve: "CVE-2025-21513", product_status: { known_affected: [ "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2025-21513", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21513.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1751123", ], }, ], title: "CVE-2025-21513", }, { cve: "CVE-2025-21514", product_status: { known_affected: [ "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2025-21514", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21514.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1751123", ], }, ], title: "CVE-2025-21514", }, { cve: "CVE-2025-21515", product_status: { known_affected: [ "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2025-21515", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21515.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751123", ], }, ], title: "CVE-2025-21515", }, { cve: "CVE-2025-21517", product_status: { known_affected: [ "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2025-21517", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21517.json", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1751123", ], }, ], title: "CVE-2025-21517", }, { cve: "CVE-2025-21524", product_status: { known_affected: [ "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2025-21524", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21524.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751123", ], }, ], title: "CVE-2025-21524", }, { cve: "CVE-2025-21527", product_status: { known_affected: [ "CSAFPID-1751123", ], }, references: [ { category: "self", summary: "CVE-2025-21527", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21527.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1751123", ], }, ], title: "CVE-2025-21527", }, { cve: "CVE-2025-21538", product_status: { known_affected: [ "CSAFPID-1751154", ], }, references: [ { category: "self", summary: "CVE-2025-21538", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21538.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1751154", ], }, ], title: "CVE-2025-21538", }, { cve: "CVE-2025-21552", product_status: { known_affected: [ "CSAFPID-1751158", ], }, references: [ { category: "self", summary: "CVE-2025-21552", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21552.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1751158", ], }, ], title: "CVE-2025-21552", }, ], }
fkie_cve-2024-29041
Vulnerability from fkie_nvd
Published
2024-03-25 21:15
Modified
2024-11-21 09:07
Severity ?
Summary
Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.
References
Impacted products
| Vendor | Product | Version |
|---|
{ cveTags: [], descriptions: [ { lang: "en", value: "Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", }, { lang: "es", value: "El framework web minimalista Express.js para node. Las versiones de Express.js anteriores a 4.19.0 y todas las versiones alfa y beta preliminares de 5.0 se ven afectadas por una vulnerabilidad de redireccionamiento abierto que utiliza URL con formato incorrecto. Cuando un usuario de Express realiza una redirección utilizando una URL proporcionada por el usuario, Express realiza una codificación [usando `encodeurl`](https://github.com/pillarjs/encodeurl) en el contenido antes de pasarlo al encabezado de `ubicación`. Esto puede hacer que las URL con formato incorrecto se evalúen de maneras inesperadas mediante implementaciones de listas permitidas de redireccionamiento común en aplicaciones Express, lo que lleva a una redirección abierta al omitir una lista permitida implementada correctamente. El método principal afectado es `res.location()` pero también se llama desde `res.redirect()`. La vulnerabilidad se solucionó en 4.19.2 y 5.0.0-beta.3.", }, ], id: "CVE-2024-29041", lastModified: "2024-11-21T09:07:26.023", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2024-03-25T21:15:46.847", references: [ { source: "security-advisories@github.com", url: "https://expressjs.com/en/4x/api.html#res.location", }, { source: "security-advisories@github.com", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { source: "security-advisories@github.com", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { source: "security-advisories@github.com", url: "https://github.com/expressjs/express/pull/5539", }, { source: "security-advisories@github.com", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { source: "security-advisories@github.com", url: "https://github.com/koajs/koa/issues/1800", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://expressjs.com/en/4x/api.html#res.location", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/expressjs/express/pull/5539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/koajs/koa/issues/1800", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, { lang: "en", value: "CWE-1286", }, ], source: "security-advisories@github.com", type: "Secondary", }, ], }
ghsa-rv95-896h-c2vc
Vulnerability from github
Published
2024-03-25 19:40
Modified
2024-03-25 22:24
Severity ?
Summary
Express.js Open Redirect in malformed URLs
Details
Impact
Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs.
When a user of Express performs a redirect using a user-provided URL Express performs an encode using encodeurl on the contents before passing it to the location header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list.
The main method impacted is res.location() but this is also called from within res.redirect().
Patches
https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94
An initial fix went out with express@4.19.0, we then patched a feature regression in 4.19.1 and added improved handling for the bypass in 4.19.2.
Workarounds
The fix for this involves pre-parsing the url string with either require('node:url').parse or new URL. These are steps you can take on your own before passing the user input string to res.location or res.redirect.
References
https://github.com/expressjs/express/pull/5539 https://github.com/koajs/koa/issues/1800 https://expressjs.com/en/4x/api.html#res.location
{ affected: [ { package: { ecosystem: "npm", name: "express", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "4.19.2", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "npm", name: "express", }, ranges: [ { events: [ { introduced: "5.0.0-alpha.1", }, { fixed: "5.0.0-beta.3", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2024-29041", ], database_specific: { cwe_ids: [ "CWE-1286", "CWE-601", ], github_reviewed: true, github_reviewed_at: "2024-03-25T19:40:26Z", nvd_published_at: "2024-03-25T21:15:46Z", severity: "MODERATE", }, details: "### Impact\n\nVersions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs.\n\nWhen a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list.\n\nThe main method impacted is `res.location()` but this is also called from within `res.redirect()`.\n\n### Patches\n\nhttps://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd\nhttps://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94\n\nAn initial fix went out with `express@4.19.0`, we then patched a feature regression in `4.19.1` and added improved handling for the bypass in `4.19.2`.\n\n### Workarounds\n\nThe fix for this involves pre-parsing the url string with either `require('node:url').parse` or `new URL`. These are steps you can take on your own before passing the user input string to `res.location` or `res.redirect`.\n\n### References\n\nhttps://github.com/expressjs/express/pull/5539\nhttps://github.com/koajs/koa/issues/1800\nhttps://expressjs.com/en/4x/api.html#res.location", id: "GHSA-rv95-896h-c2vc", modified: "2024-03-25T22:24:57Z", published: "2024-03-25T19:40:26Z", references: [ { type: "WEB", url: "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", }, { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", }, { type: "WEB", url: "https://github.com/koajs/koa/issues/1800", }, { type: "WEB", url: "https://github.com/expressjs/express/pull/5539", }, { type: "WEB", url: "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", }, { type: "WEB", url: "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", }, { type: "WEB", url: "https://expressjs.com/en/4x/api.html#res.location", }, { type: "PACKAGE", url: "https://github.com/expressjs/express", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", type: "CVSS_V3", }, ], summary: "Express.js Open Redirect in malformed URLs", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.