Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-29041
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-29041", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-26T13:59:28.274744Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:57:16.909Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.705Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "name": "https://github.com/koajs/koa/issues/1800", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/koajs/koa/issues/1800" }, { "name": "https://github.com/expressjs/express/pull/5539", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/expressjs/express/pull/5539" }, { "name": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "name": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "name": "https://expressjs.com/en/4x/api.html#res.location", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://expressjs.com/en/4x/api.html#res.location" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "express", "vendor": "expressjs", "versions": [ { "status": "affected", "version": "\u003e=4.14.0, \u003c4.19.0" }, { "status": "affected", "version": "\u003e=5.0.0-alpha.1, \u003c5.0.0-beta.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-1286", "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T20:20:06.205Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "name": "https://github.com/koajs/koa/issues/1800", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/koajs/koa/issues/1800" }, { "name": "https://github.com/expressjs/express/pull/5539", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/expressjs/express/pull/5539" }, { "name": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "name": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "name": "https://expressjs.com/en/4x/api.html#res.location", "tags": [ "x_refsource_MISC" ], "url": "https://expressjs.com/en/4x/api.html#res.location" } ], "source": { "advisory": "GHSA-rv95-896h-c2vc", "discovery": "UNKNOWN" }, "title": "Express.js Open Redirect in malformed URLs" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-29041", "datePublished": "2024-03-25T20:20:06.205Z", "dateReserved": "2024-03-14T16:59:47.614Z", "dateUpdated": "2024-08-02T01:03:51.705Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-29041\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-25T21:15:46.847\",\"lastModified\":\"2024-11-21T09:07:26.023\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.\"},{\"lang\":\"es\",\"value\":\"El framework web minimalista Express.js para node. Las versiones de Express.js anteriores a 4.19.0 y todas las versiones alfa y beta preliminares de 5.0 se ven afectadas por una vulnerabilidad de redireccionamiento abierto que utiliza URL con formato incorrecto. Cuando un usuario de Express realiza una redirecci\u00f3n utilizando una URL proporcionada por el usuario, Express realiza una codificaci\u00f3n [usando `encodeurl`](https://github.com/pillarjs/encodeurl) en el contenido antes de pasarlo al encabezado de `ubicaci\u00f3n`. Esto puede hacer que las URL con formato incorrecto se eval\u00faen de maneras inesperadas mediante implementaciones de listas permitidas de redireccionamiento com\u00fan en aplicaciones Express, lo que lleva a una redirecci\u00f3n abierta al omitir una lista permitida implementada correctamente. El m\u00e9todo principal afectado es `res.location()` pero tambi\u00e9n se llama desde `res.redirect()`. La vulnerabilidad se solucion\u00f3 en 4.19.2 y 5.0.0-beta.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"},{\"lang\":\"en\",\"value\":\"CWE-1286\"}]}],\"references\":[{\"url\":\"https://expressjs.com/en/4x/api.html#res.location\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/expressjs/express/pull/5539\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/koajs/koa/issues/1800\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://expressjs.com/en/4x/api.html#res.location\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/expressjs/express/pull/5539\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/koajs/koa/issues/1800\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
rhsa-2024_4873
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This release of Red Hat build of Apicurio Registry 2.6.1 GA includes the following security fixes.\n\nSecurity Fix(es):\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak [rhint-serv-2] (CVE-2024-29180)\n\n* express: cause malformed URLs to be evaluated [rhint-serv-2](CVE-2024-29041)\n\n* jetty: stop accepting new connections from valid clients [rhint-serv-2] (CVE-2024-22201)\n\n* jose4j: denial of service via specially crafted JWE [rhint-serv-2] (CVE-2023-51775)\n\n* quarkus-core: Leak of local configuration properties into Quarkus applications [rhint-serv-2] (CVE-2024-2700)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:4873", "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "2266921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266921" }, { "category": "external", "summary": "2270863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863" }, { "category": "external", "summary": "2273281", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281" }, { "category": "external", "summary": "2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4873.json" } ], "title": "Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.1 GA ]", "tracking": { "current_release_date": "2024-12-18T04:36:56+00:00", "generator": { "date": "2024-12-18T04:36:56+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:4873", "initial_release_date": "2024-07-25T15:04:49+00:00", "revision_history": [ { "date": "2024-07-25T15:04:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-07-25T15:04:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-18T04:36:56+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat build of Apicurio Registry 2.6.1 GA", "product": { "name": "Red Hat build of Apicurio Registry 2.6.1 GA", "product_id": "Red Hat build of Apicurio Registry 2.6.1 GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:apicurio_registry:2.6" } } } ], "category": "product_family", "name": "Red Hat Integration" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-51775", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266921" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource-intensive. However, if an attacker sets the p2c parameter in JWE to a large number, it can cause high computational consumption, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "jose4j: denial of service via specially crafted JWE", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in the jose4j library, where the \"p2c\" parameter in PBKDF2-based JWE key management algorithms can be manipulated to induce high computational consumption, is classified as moderate severity due to its potential impact on service availability and resource exhaustion. By setting a large value for \"p2c\", an attacker can force the server to perform an excessive number of PBKDF2 iterations during key derivation. This results in increased CPU and memory usage, potentially leading to degraded performance or temporary denial of service.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-51775" }, { "category": "external", "summary": "RHBZ#2266921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266921" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-51775", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775" } ], "release_date": "2024-02-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T15:04:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jose4j: denial of service via specially crafted JWE" }, { "cve": "CVE-2024-2700", "cwe": { "id": "CWE-526", "name": "Cleartext Storage of Sensitive Information in an Environment Variable" }, "discovery_date": "2024-04-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2273281" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application\u0027s build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.", "title": "Vulnerability description" }, { "category": "summary", "text": "quarkus-core: Leak of local configuration properties into Quarkus applications", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this as a Moderate impact vulnerability since this requires an attacker to have direct access to the environment variables to override, and the application must use that environment variable to be jeopardized.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-2700" }, { "category": "external", "summary": "RHBZ#2273281", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273281" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2700", "url": "https://www.cve.org/CVERecord?id=CVE-2024-2700" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2700", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2700" } ], "release_date": "2024-04-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T15:04:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "workaround", "details": "Currently, no mitigation is available for this vulnerability. Please update as the patches become available.", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "quarkus-core: Leak of local configuration properties into Quarkus applications" }, { "cve": "CVE-2024-22201", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266136" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: stop accepting new connections from valid clients", "title": "Vulnerability summary" }, { "category": "other", "text": "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-22201" }, { "category": "external", "summary": "RHBZ#2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/issues/11256", "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" } ], "release_date": "2024-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T15:04:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: stop accepting new connections from valid clients" }, { "cve": "CVE-2024-29041", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2024-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2290901" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: cause malformed URLs to be evaluated", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29041" }, { "category": "external", "summary": "RHBZ#2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041" }, { "category": "external", "summary": "https://expressjs.com/en/4x/api.html#res.location", "url": "https://expressjs.com/en/4x/api.html#res.location" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "category": "external", "summary": "https://github.com/expressjs/express/pull/5539", "url": "https://github.com/expressjs/express/pull/5539" }, { "category": "external", "summary": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "category": "external", "summary": "https://github.com/koajs/koa/issues/1800", "url": "https://github.com/koajs/koa/issues/1800" } ], "release_date": "2024-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T15:04:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "express: cause malformed URLs to be evaluated" }, { "cve": "CVE-2024-29180", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270863" } ], "notes": [ { "category": "description", "text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", "title": "Vulnerability description" }, { "category": "summary", "text": "webpack-dev-middleware: lack of URL validation may lead to file leak", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29180" }, { "category": "external", "summary": "RHBZ#2270863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180" }, { "category": "external", "summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", "url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6" } ], "release_date": "2024-03-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T15:04:49+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4873" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat build of Apicurio Registry 2.6.1 GA" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "webpack-dev-middleware: lack of URL validation may lead to file leak" } ] }
rhsa-2024_3868
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Network Observability 1.6 for Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Network Observability 1.6.0\n\nSecurity Fix(es):\n\n* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak\n* CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON\n* CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function\n* CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests\n* CVE-2024-28849 follow-redirects: Possible credential leak\n* CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm\n* CVE-2023-45289 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect\n* CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm\n* CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping\n* CVE-2024-29041 express: cause malformed URLs to be evaluated [noo-1]\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:3868", "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2253330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253330" }, { "category": "external", "summary": "2265161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161" }, { "category": "external", "summary": "2268017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017" }, { "category": "external", "summary": "2268018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018" }, { "category": "external", "summary": "2268019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019" }, { "category": "external", "summary": "2268022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022" }, { "category": "external", "summary": "2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "2269576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576" }, { "category": "external", "summary": "2270863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863" }, { "category": "external", "summary": "2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "external", "summary": "NETOBSERV-1279", "url": "https://issues.redhat.com/browse/NETOBSERV-1279" }, { "category": "external", "summary": "NETOBSERV-1408", "url": "https://issues.redhat.com/browse/NETOBSERV-1408" }, { "category": "external", "summary": "NETOBSERV-1424", "url": "https://issues.redhat.com/browse/NETOBSERV-1424" }, { "category": "external", "summary": "NETOBSERV-1453", "url": "https://issues.redhat.com/browse/NETOBSERV-1453" }, { "category": "external", "summary": "NETOBSERV-1459", "url": "https://issues.redhat.com/browse/NETOBSERV-1459" }, { "category": "external", "summary": "NETOBSERV-1462", "url": "https://issues.redhat.com/browse/NETOBSERV-1462" }, { "category": "external", "summary": "NETOBSERV-1544", "url": "https://issues.redhat.com/browse/NETOBSERV-1544" }, { "category": "external", "summary": "NETOBSERV-1598", "url": "https://issues.redhat.com/browse/NETOBSERV-1598" }, { "category": "external", "summary": "NETOBSERV-1606", "url": "https://issues.redhat.com/browse/NETOBSERV-1606" }, { "category": "external", "summary": "NETOBSERV-1607", "url": "https://issues.redhat.com/browse/NETOBSERV-1607" }, { "category": "external", "summary": "NETOBSERV-1621", "url": "https://issues.redhat.com/browse/NETOBSERV-1621" }, { "category": "external", "summary": "NETOBSERV-1630", "url": "https://issues.redhat.com/browse/NETOBSERV-1630" }, { "category": "external", "summary": "NETOBSERV-1647", "url": "https://issues.redhat.com/browse/NETOBSERV-1647" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3868.json" } ], "title": "Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift", "tracking": { "current_release_date": "2024-12-18T04:35:48+00:00", "generator": { "date": "2024-12-18T04:35:48+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:3868", "initial_release_date": "2024-06-17T00:43:37+00:00", "revision_history": [ { "date": "2024-06-17T00:43:37+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-06-17T00:43:37+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-18T04:35:48+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "NETOBSERV 1.6 for RHEL 9", "product": { "name": "NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_observ_optr:1.6.0::el9" } } } ], "category": "product_family", "name": "Network Observability" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "product": { "name": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "product_id": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "product_id": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "product_id": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "product": { "name": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "product_id": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "product_id": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "product_id": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "product": { "name": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "product_id": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "product_id": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", "product_id": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "product": { "name": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "product_id": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "product_id": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "product_id": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64" }, "product_reference": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64" }, "product_reference": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le" }, "product_reference": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x" }, "product_reference": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le as a component of NETOBSERV 1.6 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-39326", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2253330" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39326" }, { "category": "external", "summary": "RHBZ#2253330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39326", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39326" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2382", "url": "https://pkg.go.dev/vuln/GO-2023-2382" } ], "release_date": "2023-12-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "No mitigation is available for this flaw.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests" }, { "cve": "CVE-2023-42282", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2265161" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ip: arbitrary code execution via the isPublic() function", "title": "Vulnerability summary" }, { "category": "other", "text": "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\n\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it\u0027s categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-42282" }, { "category": "external", "summary": "RHBZ#2265161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-42282", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282" }, { "category": "external", "summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html" } ], "release_date": "2024-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs-ip: arbitrary code execution via the isPublic() function" }, { "cve": "CVE-2023-45289", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268018" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-45289" }, { "category": "external", "summary": "RHBZ#2268018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45289" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect" }, { "cve": "CVE-2023-45290", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268017" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-45290" }, { "category": "external", "summary": "RHBZ#2268017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45290" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4", "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" }, { "category": "external", "summary": "https://go.dev/cl/569341", "url": "https://go.dev/cl/569341" }, { "category": "external", "summary": "https://go.dev/issue/65383", "url": "https://go.dev/issue/65383" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2599", "url": "https://pkg.go.dev/vuln/GO-2024-2599" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20240329-0004", "url": "https://security.netapp.com/advisory/ntap-20240329-0004" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm" }, { "cve": "CVE-2024-24783", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268019" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24783" }, { "category": "external", "summary": "RHBZ#2268019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24783" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4", "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", "url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp" }, { "category": "external", "summary": "https://go.dev/cl/569339", "url": "https://go.dev/cl/569339" }, { "category": "external", "summary": "https://go.dev/issue/65390", "url": "https://go.dev/issue/65390" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2598", "url": "https://pkg.go.dev/vuln/GO-2024-2598" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20240329-0005", "url": "https://security.netapp.com/advisory/ntap-20240329-0005" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm" }, { "cve": "CVE-2024-24785", "cwe": { "id": "CWE-74", "name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" }, "discovery_date": "2024-03-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268022" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go\u0027s html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24785" }, { "category": "external", "summary": "RHBZ#2268022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785" }, { "category": "external", "summary": "https://go.dev/cl/564196", "url": "https://go.dev/cl/564196" }, { "category": "external", "summary": "https://go.dev/issue/65697", "url": "https://go.dev/issue/65697" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2024-2610.json", "url": "https://vuln.go.dev/ID/GO-2024-2610.json" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping" }, { "cve": "CVE-2024-24786", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268046" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24786" }, { "category": "external", "summary": "RHBZ#2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786" }, { "category": "external", "summary": "https://go.dev/cl/569356", "url": "https://go.dev/cl/569356" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", "url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2611", "url": "https://pkg.go.dev/vuln/GO-2024-2611" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON" }, { "cve": "CVE-2024-28849", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2269576" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "follow-redirects: Possible credential leak", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28849" }, { "category": "external", "summary": "RHBZ#2269576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849" }, { "category": "external", "summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", "url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp" } ], "release_date": "2024-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "follow-redirects: Possible credential leak" }, { "cve": "CVE-2024-29041", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2024-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2290901" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: cause malformed URLs to be evaluated", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29041" }, { "category": "external", "summary": "RHBZ#2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041" }, { "category": "external", "summary": "https://expressjs.com/en/4x/api.html#res.location", "url": "https://expressjs.com/en/4x/api.html#res.location" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "category": "external", "summary": "https://github.com/expressjs/express/pull/5539", "url": "https://github.com/expressjs/express/pull/5539" }, { "category": "external", "summary": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "category": "external", "summary": "https://github.com/koajs/koa/issues/1800", "url": "https://github.com/koajs/koa/issues/1800" } ], "release_date": "2024-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "express: cause malformed URLs to be evaluated" }, { "cve": "CVE-2024-29180", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270863" } ], "notes": [ { "category": "description", "text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", "title": "Vulnerability description" }, { "category": "summary", "text": "webpack-dev-middleware: lack of URL validation may lead to file leak", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29180" }, { "category": "external", "summary": "RHBZ#2270863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180" }, { "category": "external", "summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", "url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6" } ], "release_date": "2024-03-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-06-17T00:43:37+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64", "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "webpack-dev-middleware: lack of URL validation may lead to file leak" } ] }
rhsa-2024_6211
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Service Mesh Containers for 2.6.1\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n* axios: Server-Side Request Forgery (CVE-2024-39338)\n* express: cause malformed URLs to be evaluated (CVE-2024-29041)\n* micromatch: vulnerable to Regular Expression Denial of Service (CVE-2024-4067)\n* braces: fails to limit the number of characters it can handle (CVE-2024-4068)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:6211", "url": "https://access.redhat.com/errata/RHSA-2024:6211" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "OSSM-6857", "url": "https://issues.redhat.com/browse/OSSM-6857" }, { "category": "external", "summary": "OSSM-8006", "url": "https://issues.redhat.com/browse/OSSM-8006" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6211.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.1 security update", "tracking": { "current_release_date": "2024-12-18T05:41:09+00:00", "generator": { "date": "2024-12-18T05:41:09+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:6211", "initial_release_date": "2024-09-03T10:05:20+00:00", "revision_history": [ { "date": "2024-09-03T10:05:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-09-03T10:05:20+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-18T05:41:09+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHOSSM 2.6 for RHEL 8", "product": { "name": "RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:service_mesh:2.6::el8" } } }, { "category": "product_name", "name": "RHOSSM 2.6 for RHEL 9", "product": { "name": "RHOSSM 2.6 for RHEL 9", "product_id": "9Base-RHOSSM-2.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:service_mesh:2.6::el9" } } } ], "category": "product_family", "name": "Red Hat OpenShift Service Mesh" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "product": { "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "product_identification_helper": { "purl": "pkg:oci/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.0-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.1-7" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "product_id": "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.1-6" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.1-3" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "product": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.1-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "product": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.1-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "product": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "product_identification_helper": { "purl": "pkg:oci/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.1-9" } } }, { "category": "product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.1-7" } } }, { "category": "product_version", "name": "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "product": { "name": "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "product_identification_helper": { "purl": "pkg:oci/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.1-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "product_identification_helper": { "purl": "pkg:oci/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.1-6" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "product": { "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.0-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.1-7" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "product_id": "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.1-6" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.1-3" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "product": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.1-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "product": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.1-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "product": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "product_identification_helper": { "purl": "pkg:oci/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.1-9" } } }, { "category": "product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.1-7" } } }, { "category": "product_version", "name": "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "product": { "name": "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "product_identification_helper": { "purl": "pkg:oci/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.1-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.1-6" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "product": { "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "product_identification_helper": { "purl": "pkg:oci/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.0-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.1-7" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "product_id": "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.1-6" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.1-3" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "product": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.1-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "product": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.1-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "product": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "product_identification_helper": { "purl": "pkg:oci/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.1-9" } } }, { "category": "product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.1-7" } } }, { "category": "product_version", "name": "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", "product": { "name": "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", "product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", "product_identification_helper": { "purl": "pkg:oci/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.1-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "product_identification_helper": { "purl": "pkg:oci/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.1-6" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "product": { "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "product_identification_helper": { "purl": "pkg:oci/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.0-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.1-7" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "product_id": "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.1-6" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.1-3" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "product": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.1-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "product": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.1-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "product": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "product_identification_helper": { "purl": "pkg:oci/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.1-9" } } }, { "category": "product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.1-7" } } }, { "category": "product_version", "name": "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "product": { "name": "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "product_identification_helper": { "purl": "pkg:oci/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.1-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "product_identification_helper": { "purl": "pkg:oci/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.1-6" } } } ], "category": "architecture", "name": "arm64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64" }, "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le" }, "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x" }, "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64" }, "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le" }, "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x" }, "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64" }, "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64" }, "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x" }, "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64" }, "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64" }, "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le" }, "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le" }, "product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64" }, "product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64" }, "product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x" }, "product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64" }, "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x" }, "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le" }, "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64 as a component of RHOSSM 2.6 for RHEL 8", "product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64" }, "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64 as a component of RHOSSM 2.6 for RHEL 9", "product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64" }, "product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "relates_to_product_reference": "9Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64 as a component of RHOSSM 2.6 for RHEL 9", "product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64" }, "product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "relates_to_product_reference": "9Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le as a component of RHOSSM 2.6 for RHEL 9", "product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le" }, "product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "relates_to_product_reference": "9Base-RHOSSM-2.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x as a component of RHOSSM 2.6 for RHEL 9", "product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" }, "product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x", "relates_to_product_reference": "9Base-RHOSSM-2.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-4067", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-05-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2280601" } ], "notes": [ { "category": "description", "text": "A flaw was found in the NPM package `micromatch` where it is vulnerable to a regular expression denial of service (ReDoS). The issue occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will readily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn\u0027t find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won\u0027t start backtracking the regular expression due to greedy matching.", "title": "Vulnerability description" }, { "category": "summary", "text": "micromatch: vulnerable to Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-4067" }, { "category": "external", "summary": "RHBZ#2280601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-4067", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4067", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4067" }, { "category": "external", "summary": "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/", "url": "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/" }, { "category": "external", "summary": "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448", "url": "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448" }, { "category": "external", "summary": "https://github.com/micromatch/micromatch/issues/243", "url": "https://github.com/micromatch/micromatch/issues/243" }, { "category": "external", "summary": "https://github.com/micromatch/micromatch/pull/247", "url": "https://github.com/micromatch/micromatch/pull/247" } ], "release_date": "2023-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-03T10:05:20+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:6211" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "micromatch: vulnerable to Regular Expression Denial of Service" }, { "cve": "CVE-2024-4068", "cwe": { "id": "CWE-1050", "name": "Excessive Platform Resource Consumption within a Loop" }, "discovery_date": "2024-05-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2280600" } ], "notes": [ { "category": "description", "text": "A flaw was found in the NPM package `braces.` It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, causing the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "braces: fails to limit the number of characters it can handle", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-4068" }, { "category": "external", "summary": "RHBZ#2280600", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280600" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-4068", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4068" }, { "category": "external", "summary": "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", "url": "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/" }, { "category": "external", "summary": "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", "url": "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308" }, { "category": "external", "summary": "https://github.com/micromatch/braces/issues/35", "url": "https://github.com/micromatch/braces/issues/35" } ], "release_date": "2024-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-03T10:05:20+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:6211" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "braces: fails to limit the number of characters it can handle" }, { "cve": "CVE-2024-29041", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2024-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2290901" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: cause malformed URLs to be evaluated", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29041" }, { "category": "external", "summary": "RHBZ#2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041" }, { "category": "external", "summary": "https://expressjs.com/en/4x/api.html#res.location", "url": "https://expressjs.com/en/4x/api.html#res.location" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "category": "external", "summary": "https://github.com/expressjs/express/pull/5539", "url": "https://github.com/expressjs/express/pull/5539" }, { "category": "external", "summary": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "category": "external", "summary": "https://github.com/koajs/koa/issues/1800", "url": "https://github.com/koajs/koa/issues/1800" } ], "release_date": "2024-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-03T10:05:20+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:6211" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "express: cause malformed URLs to be evaluated" }, { "cve": "CVE-2024-39338", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-08-13T17:21:32.774718+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2304369" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.", "title": "Vulnerability description" }, { "category": "summary", "text": "axios: axios: Server-Side Request Forgery", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-39338" }, { "category": "external", "summary": "RHBZ#2304369", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338" }, { "category": "external", "summary": "https://github.com/axios/axios/releases", "url": "https://github.com/axios/axios/releases" }, { "category": "external", "summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", "url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html" } ], "release_date": "2024-08-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-03T10:05:20+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:6211" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64", "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le", "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le", "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "axios: axios: Server-Side Request Forgery" } ] }
rhsa-2024_7624
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.14.11 on Red Hat Enterprise Linux 9 from Red Hat Container Registry.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.\n\nEnhancement: \n\nWhile creating object bucket claim (OBC), the `NSFSAccontConfig` attribute provided by the users is supported. (BZ#2271780)\n\nAll users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:7624", "url": "https://access.redhat.com/errata/RHSA-2024:7624" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2276934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276934" }, { "category": "external", "summary": "2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "external", "summary": "2294000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294000" }, { "category": "external", "summary": "2300499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300499" }, { "category": "external", "summary": "2314151", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314151" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7624.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.11 security and bug fix update", "tracking": { "current_release_date": "2024-12-18T04:38:01+00:00", "generator": { "date": "2024-12-18T04:38:01+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:7624", "initial_release_date": "2024-10-03T11:22:37+00:00", "revision_history": [ { "date": "2024-10-03T11:22:37+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-10-03T11:22:37+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-18T04:38:01+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHODF 4.14 for RHEL 9", "product": { "name": "RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_data_foundation:4.14::el9" } } } ], "category": "product_family", "name": "Red Hat OpenShift Data Foundation" }, { "branches": [ { "category": "product_version", "name": "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "product": { "name": "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "product_id": "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "product_identification_helper": { "purl": "pkg:oci/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256?arch=amd64\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel9\u0026tag=v4.14.11-2" } } }, { "category": "product_version", "name": "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "product": { "name": "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "product_id": "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "product_identification_helper": { "purl": "pkg:oci/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-cli-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "product": { "name": "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "product_id": "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "product_identification_helper": { "purl": "pkg:oci/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "product": { "name": "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "product_id": "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "product_identification_helper": { "purl": "pkg:oci/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "product": { "name": "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "product_id": "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "product_identification_helper": { "purl": "pkg:oci/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "product": { "name": "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "product_id": "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-client-console-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "product": { "name": "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "product_id": "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "product": { "name": "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "product_id": "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "product": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "product_id": "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9\u0026tag=v4.14.11-2" } } }, { "category": "product_version", "name": "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "product": { "name": "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "product_id": "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "product": { "name": "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "product_id": "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "product": { "name": "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "product_id": "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "product": { "name": "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "product_id": "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-cosi-sidecar-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "product": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "product_id": "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "product": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "product_id": "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "product": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "product_id": "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "product": { "name": "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "product_id": "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "product": { "name": "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "product_id": "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "product": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "product_id": "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "product": { "name": "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "product_id": "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "product": { "name": "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "product_id": "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "product": { "name": "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "product_id": "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "product": { "name": "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "product_id": "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "product_identification_helper": { "purl": "pkg:oci/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "product": { "name": "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "product_id": "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "product_identification_helper": { "purl": "pkg:oci/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "product": { "name": "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "product_id": "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "product_identification_helper": { "purl": "pkg:oci/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "product": { "name": "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "product_id": "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "product_identification_helper": { "purl": "pkg:oci/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88?arch=amd64\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator\u0026tag=v4.14.11-2" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "product": { "name": "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "product_id": "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "product_identification_helper": { "purl": "pkg:oci/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b?arch=s390x\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel9\u0026tag=v4.14.11-2" } } }, { "category": "product_version", "name": "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "product": { "name": "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "product_id": "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "product_identification_helper": { "purl": "pkg:oci/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-cli-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "product": { "name": "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "product_id": "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "product_identification_helper": { "purl": "pkg:oci/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "product": { "name": "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "product_id": "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "product_identification_helper": { "purl": "pkg:oci/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "product": { "name": "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "product_id": "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "product_identification_helper": { "purl": "pkg:oci/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "product": { "name": "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "product_id": "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "product_identification_helper": { "purl": "pkg:oci/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-client-console-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "product": { "name": "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "product_id": "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "product_identification_helper": { "purl": "pkg:oci/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "product": { "name": "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "product_id": "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "product_identification_helper": { "purl": "pkg:oci/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "product": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "product_id": "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "product_identification_helper": { "purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9\u0026tag=v4.14.11-2" } } }, { "category": "product_version", "name": "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "product": { "name": "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "product_id": "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "product_identification_helper": { "purl": "pkg:oci/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "product": { "name": "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "product_id": "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "product_identification_helper": { "purl": "pkg:oci/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "product": { "name": "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "product_id": "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "product": { "name": "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "product_id": "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-cosi-sidecar-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "product": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "product_id": "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "product": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "product_id": "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "product": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "product_id": "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "product": { "name": "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "product_id": "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "product": { "name": "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "product_id": "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "product": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "product_id": "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "product": { "name": "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "product_id": "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "product": { "name": "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "product_id": "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "product": { "name": "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "product_id": "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "product": { "name": "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "product_id": "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "product_identification_helper": { "purl": "pkg:oci/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "product": { "name": "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "product_id": "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "product_identification_helper": { "purl": "pkg:oci/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "product": { "name": "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "product_id": "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "product_identification_helper": { "purl": "pkg:oci/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", "product": { "name": "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", "product_id": "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", "product_identification_helper": { "purl": "pkg:oci/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088?arch=s390x\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator\u0026tag=v4.14.11-2" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "product": { "name": "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "product_id": "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel9\u0026tag=v4.14.11-2" } } }, { "category": "product_version", "name": "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "product": { "name": "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "product_id": "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-cli-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "product": { "name": "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "product_id": "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "product": { "name": "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "product_id": "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "product": { "name": "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "product_id": "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "product": { "name": "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "product_id": "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-client-console-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "product": { "name": "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "product_id": "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "product": { "name": "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "product_id": "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "product": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "product_id": "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9\u0026tag=v4.14.11-2" } } }, { "category": "product_version", "name": "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "product": { "name": "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "product_id": "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "product": { "name": "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "product_id": "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "product": { "name": "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "product_id": "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "product": { "name": "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "product_id": "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-cosi-sidecar-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "product": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "product_id": "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "product": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "product_id": "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "product": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "product_id": "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "product": { "name": "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "product_id": "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "product": { "name": "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "product_id": "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "product": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "product_id": "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "product": { "name": "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "product_id": "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "product": { "name": "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "product_id": "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "product": { "name": "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "product_id": "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "product": { "name": "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "product_id": "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "product": { "name": "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "product_id": "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.14.11-3" } } }, { "category": "product_version", "name": "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "product": { "name": "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "product_id": "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "product": { "name": "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "product_id": "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator\u0026tag=v4.14.11-2" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "product": { "name": "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "product_id": "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "product_identification_helper": { "purl": "pkg:oci/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f?arch=arm64\u0026repository_url=registry.redhat.io/odf4/mcg-cli-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "product": { "name": "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "product_id": "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "product_identification_helper": { "purl": "pkg:oci/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0?arch=arm64\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "product": { "name": "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "product_id": "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "product_identification_helper": { "purl": "pkg:oci/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d?arch=arm64\u0026repository_url=registry.redhat.io/odf4/mcg-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "product": { "name": "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "product_id": "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "product_identification_helper": { "purl": "pkg:oci/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140?arch=arm64\u0026repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "product": { "name": "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "product_id": "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "product_identification_helper": { "purl": "pkg:oci/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1?arch=arm64\u0026repository_url=registry.redhat.io/odf4/ocs-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "product": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "product_id": "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "product": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "product_id": "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "product": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "product_id": "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "product": { "name": "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "product_id": "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "product": { "name": "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "product_id": "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odf-rhel9-operator\u0026tag=v4.14.11-1" } } }, { "category": "product_version", "name": "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "product": { "name": "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "product_id": "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "product_identification_helper": { "purl": "pkg:oci/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odr-rhel9-operator\u0026tag=v4.14.11-1" } } } ], "category": "architecture", "name": "arm64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x" }, "product_reference": "odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le" }, "product_reference": "odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64" }, "product_reference": "odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le" }, "product_reference": "odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64" }, "product_reference": "odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x" }, "product_reference": "odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64" }, "product_reference": "odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64" }, "product_reference": "odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le" }, "product_reference": "odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x" }, "product_reference": "odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64" }, "product_reference": "odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64" }, "product_reference": "odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le" }, "product_reference": "odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x" }, "product_reference": "odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le" }, "product_reference": "odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64" }, "product_reference": "odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64" }, "product_reference": "odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x" }, "product_reference": "odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le" }, "product_reference": "odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64" }, "product_reference": "odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x" }, "product_reference": "odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x" }, "product_reference": "odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le" }, "product_reference": "odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64" }, "product_reference": "odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le" }, "product_reference": "odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64" }, "product_reference": "odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64" }, "product_reference": "odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x" }, "product_reference": "odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x" }, "product_reference": "odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64" }, "product_reference": "odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le" }, "product_reference": "odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le" }, "product_reference": "odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64" }, "product_reference": "odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x" }, "product_reference": "odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64" }, "product_reference": "odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64" }, "product_reference": "odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x" }, "product_reference": "odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le" }, "product_reference": "odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64" }, "product_reference": "odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le" }, "product_reference": "odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x" }, "product_reference": "odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x" }, "product_reference": "odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le" }, "product_reference": "odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64" }, "product_reference": "odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x" }, "product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le" }, "product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64" }, "product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le" }, "product_reference": "odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64" }, "product_reference": "odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64" }, "product_reference": "odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x" }, "product_reference": "odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le" }, "product_reference": "odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64" }, "product_reference": "odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x" }, "product_reference": "odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64" }, "product_reference": "odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x" }, "product_reference": "odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64" }, "product_reference": "odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le" }, "product_reference": "odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x" }, "product_reference": "odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64" }, "product_reference": "odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le" }, "product_reference": "odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64" }, "product_reference": "odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x" }, "product_reference": "odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64" }, "product_reference": "odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le" }, "product_reference": "odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x" }, "product_reference": "odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64" }, "product_reference": "odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le" }, "product_reference": "odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64" }, "product_reference": "odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x" }, "product_reference": "odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le" }, "product_reference": "odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64" }, "product_reference": "odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64" }, "product_reference": "odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64" }, "product_reference": "odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le" }, "product_reference": "odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x" }, "product_reference": "odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64" }, "product_reference": "odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le" }, "product_reference": "odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x" }, "product_reference": "odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le" }, "product_reference": "odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64" }, "product_reference": "odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x" }, "product_reference": "odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le" }, "product_reference": "odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x" }, "product_reference": "odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64" }, "product_reference": "odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64" }, "product_reference": "odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le" }, "product_reference": "odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64 as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64" }, "product_reference": "odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "relates_to_product_reference": "9Base-RHODF-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x as a component of RHODF 4.14 for RHEL 9", "product_id": "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x" }, "product_reference": "odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x", "relates_to_product_reference": "9Base-RHODF-4.14" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-6104", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2024-06-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2294000" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.", "title": "Vulnerability description" }, { "category": "summary", "text": "go-retryablehttp: url might write sensitive information to log file", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64" ], "known_not_affected": [ "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-6104" }, { "category": "external", "summary": "RHBZ#2294000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294000" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6104", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6104" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6104", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6104" } ], "release_date": "2024-06-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-03T11:22:37+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7624" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "go-retryablehttp: url might write sensitive information to log file" }, { "cve": "CVE-2024-29041", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2024-06-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2290901" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: cause malformed URLs to be evaluated", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29041" }, { "category": "external", "summary": "RHBZ#2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041" }, { "category": "external", "summary": "https://expressjs.com/en/4x/api.html#res.location", "url": "https://expressjs.com/en/4x/api.html#res.location" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "category": "external", "summary": "https://github.com/expressjs/express/pull/5539", "url": "https://github.com/expressjs/express/pull/5539" }, { "category": "external", "summary": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "category": "external", "summary": "https://github.com/koajs/koa/issues/1800", "url": "https://github.com/koajs/koa/issues/1800" } ], "release_date": "2024-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-03T11:22:37+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7624" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "express: cause malformed URLs to be evaluated" }, { "cve": "CVE-2024-41818", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-07-29T16:24:42+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2300499" } ], "notes": [ { "category": "description", "text": "A regular expression denial of service (ReDoS) flaw was found in fast-xml-parser in the currency.js script. By sending a specially crafted regex input, a remote attacker could cause a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "fast-xml-parser: ReDOS at currency parsing in currency.js", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat has decided to rate this vulnerability as Important due to the potential loss of Availability and the low complexity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-41818" }, { "category": "external", "summary": "RHBZ#2300499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300499" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-41818", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41818" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-41818", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41818" }, { "category": "external", "summary": "https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10", "url": "https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10" }, { "category": "external", "summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/d0bfe8a3a2813a185f39591bbef222212d856164", "url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/d0bfe8a3a2813a185f39591bbef222212d856164" }, { "category": "external", "summary": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v", "url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v" } ], "release_date": "2024-07-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-03T11:22:37+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7624" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:198b913e48b0152bfcd4967be057b951e7c9be03fe0f9109928c40d7db98948b_s390x", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c1217640360c3e5fceded6bb889fef6f2ff3d4551c28b01047e8e1343713f37b_ppc64le", "9Base-RHODF-4.14:odf4/cephcsi-rhel9@sha256:c2eeab3e7dc55c3496c60e40162de8519c9271c63e443efb3fd7015fc30f9256_amd64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:23875fda16b7b83821fcce48d751c0b8c4ebad6252fd772ee3a8dcd0e4569f1b_ppc64le", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:477eef0378bbf1f449e784e940388422ce6a16b150fa694c2e53c141b88cbb3f_arm64", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dcbec37308a54c62edeb4c5afb2643b79ca4f242b956927f5abd620538b5eca2_s390x", "9Base-RHODF-4.14:odf4/mcg-cli-rhel9@sha256:dfe05cc04c55b1852183eebcbead5918cf05502d38a83a5262c180376e3faf38_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:57de8b934141a9715df09cf8500fefae498132412c03d3361ec32dc92f402c71_amd64", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:722ee21e74821d8d0168e03688f83d9790cd485f9fbb5427e89e4f2e5df455a7_ppc64le", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:820a8fd137af2e7ee5bc8b4de6b6faf2233b70c7aa6e48b0a680fb92e7ef1c1b_s390x", "9Base-RHODF-4.14:odf4/mcg-core-rhel9@sha256:eaa493f949e533f41b6ef30059b7f84600ac4b8c8a150a7439e4a916886c2ce0_arm64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:0eaf9c53018054ec1c65ba833206b1b7829883fe487a03954a874b89d9f922ff_amd64", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:58545a74c65fc7502cdee7db68bc10f9b8d7d2150f947127553a3962e07f2349_ppc64le", "9Base-RHODF-4.14:odf4/mcg-operator-bundle@sha256:f107e60269f7a780f3687eec7dedfe6b5674ddf8da876e9ac7c9f5c17bc8c1c7_s390x", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:93013e7a600daa46fb3a5482ec74b24b00781003b1eea4c1f514f82c9e9872cd_ppc64le", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:c68351205603de2f985e6bf5a6a82154aff90c3066989bb4fbdd8e2bbe61563d_arm64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:e25d414f3ed6fc7ee69a930c36ef08eb13fdcf4ba86c11305faddecb68d3b23d_amd64", "9Base-RHODF-4.14:odf4/mcg-rhel9-operator@sha256:f0dcb1c758859202644d54191f9d0ab0f08c7fc169be62b070c8607296c2be64_s390x", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:1de8177b9cc914602b1980b8a68e608621cb1c38cff694fde7068fd62d709c90_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5ccd0611385018297c8ca1e9a312eacaafea271021ea19680a7cc99011264c48_amd64", "9Base-RHODF-4.14:odf4/ocs-client-console-rhel9@sha256:5f5e56944c34ecab30a3171abb8c1ddd2bebffbd3ace5b765c0deb9c5cf29edc_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:40470da01033df515fa4d139e9418f422d955f1695a21538d9585ae62db54c51_s390x", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:c7ca828d978331d41e2205a8f382f49182c86c1ff962f0ea76015d39dc1d7301_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-operator-bundle@sha256:ec3ec15ea56fc9c3d81ae9ec0de0b10c99b237a54ce4aa18c44546fd962e9078_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:8ced8ef272c7e063d2ff496f1dee544fe93198e049384ceadef8ff73b9ef0a80_ppc64le", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:a498487cd4b94270588a9146feac54c267016c4793c5403b90428c3777652140_arm64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:b200bc6dfac11556f0b688fa4d48eeb3cee96ff316ec20549290ac5512893a28_amd64", "9Base-RHODF-4.14:odf4/ocs-client-rhel9-operator@sha256:bd75d42d63d862c9d7dbfd65bb2cb09e995278364c336f3c3363691bd495182e_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:14a0f09a91ab08ab96af9be59e50627bafa5ff7e327f8302a6e3c3ca879feebc_s390x", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:19e8dd141ae1cf4a0f393010437a0f112086bb1bf6db3f509470f607a823ed77_amd64", "9Base-RHODF-4.14:odf4/ocs-metrics-exporter-rhel9@sha256:2760f2774890909acd3159d8dfef71efa5e9efd28e9adf21024f4c9fcd413a84_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:30b801f88c70aee3ac36a9c871a83cc1bdbd3ab7bd5030dc226402b2a90753bc_ppc64le", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:8226f530d8187afb31eee7e149396953c94e96ea8cb886accb129a7e64888fdd_amd64", "9Base-RHODF-4.14:odf4/ocs-operator-bundle@sha256:a7360499e96fb723ac477bea40b010068f329bdc5ffa08b98326b759bcf213f7_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:5e32fa031a7c0b0a173e9117f79c004b2abf1f095c10fef8328524a5721b7475_amd64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:a3872ff6d05841a488613a6382f87199acfc501dc6febcb7b7e3cfa05d4f59b1_arm64", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:c3e8f712b092d4380f3c1d6c9121fdf092f4bed2bd9a2f8de59d899e3116a6b9_s390x", "9Base-RHODF-4.14:odf4/ocs-rhel9-operator@sha256:f9689630434781061e0715b3608ac8c3495062d93049cdfad7be6c487dde3676_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:1e69633722b1f95bed6ea4f340d4ceccec63de86a700383ee5a479100acd055c_amd64", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:3a725f687187a255b77062a94312155a78bcd7fe8e02991c3239b9afbae7d6d0_ppc64le", "9Base-RHODF-4.14:odf4/odf-console-rhel9@sha256:af9cb4def55bd6a8600bbc1b6aee6a6fd85a2129439dbca25df4641e55084bf7_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:1275b30f0644d53762a2e127bc054609dc524ca30388bcfb7eb8f2e0a9b96dd6_s390x", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:7afc554789a9f12aaf514d42cf26dda894afec05fb003cd2fe6b0a1c83768a49_ppc64le", "9Base-RHODF-4.14:odf4/odf-cosi-sidecar-rhel9@sha256:af2594dfb35cd12bad4fe61d2fcc71d22128aa84554fe00526162b9b3df44b00_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:8f077f53d3e93670dd800b7c86a4e78181166ac2c0fc8c9dba2c863339c37d79_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:eca3b6269440caaa3951708b32ac78f90785e0b2958372ecbf1299655c506eae_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-operator-bundle@sha256:f5645c34e228e1772852829d552140626f82a58eea9ff419b67191964e611205_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:6a9e1c870e2082286be8edc8c9e7da66638903b80fea427a93bcdd80c540d2f2_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:7d51991c5e51f0e27133cb3aa6d7c2863c9c082d8cfe9e803f3c1ea8bb60599c_amd64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:83c78ac23743fe151a78e58bf1eeb751a24d96168fd05d231296663d32dce24d_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-rhel9-operator@sha256:ce9028a1d49cbc0f6550fb86803eafe1a0efcc7806d0cff425c519e34677d65c_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:043199e57624f7052ded73583bc2a9e0e797266969caf8d1d6b0ae81c755c12d_ppc64le", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:1b7920f3f53fdb926b9875c2a846fc6d4a00e5f369de6bb45d0e58e86016e461_arm64", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:86b6cb9a285d816b364f0da25333fee54eac48d3f3bbfd349e4dffdd862125fb_s390x", "9Base-RHODF-4.14:odf4/odf-csi-addons-sidecar-rhel9@sha256:d65fd99665dc319ff3279464acdb1f6fe18e4d02c05cea8d3a06acb51c521872_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:84dd3db1e1abcca54eabb55dcef2aad5b20a53225377b4d4d169708ad416a12f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:9b25bbc8ccbfbe71dfe331202278d642fd5a1a0bea778587946177f41f0a6058_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-console-rhel9@sha256:ab38043da618d860d353b4ca47317fdb8f136fdf4a6c982ea60852561578dfd2_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:00a077cb79d2747cee489b771e77d483d98593e7c2eb4c5612646cbd4659633f_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:233e7733ef8c9aed7a41b926094dfa19f07c95db5df6f088b1d3b6fbb2970d8b_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-operator-bundle@sha256:f0ed320b68a0a4fc66c92f4712e51972c9b8b1b02a0a8e3cb439347436276701_ppc64le", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:0b05a2cd389068cb93a442bccc19434bf3a6edddea1a637fa9fae06d809e1c36_arm64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:179b9546044b76ce665622cf1b945032696bbbede306c88320d01e0fbd8220cb_s390x", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:757aa4edad0e0920a7094ae798d366eb166e2d90eac670ca9d02d0499537e446_amd64", "9Base-RHODF-4.14:odf4/odf-multicluster-rhel9-operator@sha256:ea5d98c8132d7e47a6af0b535dba037a4476b6c9dc1d41bb73d8a3e307502dd1_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:208271130092330d689fbc68ef2af8dc10f2bc3b8348d3fd895ef1a7bd2cd3a8_s390x", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:5bc19e095821f7aac7dd2278a30bb08dc2ab29efdbfd17e241ce78dac8596274_amd64", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:96082451c935b00da410141c71bb8616e6b25805386fde313a036fd6d0ac54b2_ppc64le", "9Base-RHODF-4.14:odf4/odf-must-gather-rhel9@sha256:e3d62bbbeea94f53189ef88a0e195ed21a9f7f59f7c838aa50bdfa7ced79388f_arm64", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:5590372dd9cef2fef707919f191180acd69dcb53b6b21e82a96c706300de2b01_s390x", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:7b1fd61dd4889a7d37cade4ba99ac1c63365128fd809c3f12cc9a977a82616c5_ppc64le", "9Base-RHODF-4.14:odf4/odf-operator-bundle@sha256:8b78c663b3dcba68d34aee56ae280a3ad7d4e1c6ae12dcb53545fd7cbf3d569d_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:2ef39d10aaaea1c6620f40eae4017a1fd35e0092abb7af99cf958079ef38c018_amd64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:9a4ced1d6a47bb6b19b461c2483f2fbb7dacc63e3118bf4809bfefb70852c8b8_arm64", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cac580bde7dc4ed208e93b2fc095884552d80274348d34a3a6ba94a68ef1afd6_ppc64le", "9Base-RHODF-4.14:odf4/odf-rhel9-operator@sha256:cd7f3ca0f9acc83d5756ed1f9ea5200cf69505f234b19102c4084a2c85dd1a76_s390x", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:4f802789bd747781667faf9cc08bc8cd85ecc818c50f506ade683b9298495022_amd64", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:5b30a75058a04ae57c5fa65b08288211c392e28577447edc45dd828bf70f8ca3_ppc64le", "9Base-RHODF-4.14:odf4/odr-cluster-operator-bundle@sha256:60e4c83d584f84c252397b3573ba9db92af0a9cbd62e2797406c62cc7416b35f_s390x", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:3cb4fc8c52a5bf5295ef58ef1627c646c6defc9ccc64fc116c996e3394287a2c_ppc64le", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:ba02179d57bd69e4992990111b331c648aa58ae842aadca555172ce9ffb497ef_amd64", "9Base-RHODF-4.14:odf4/odr-hub-operator-bundle@sha256:c7a198b719a27687df1ade2a762de09d084c651d086c4523244e5cb204d68316_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:0f539a7241bf6227277a55aba4fa3a426ad53578e045518da506ddc869707ccf_ppc64le", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:14d96c5fbb28fb6b2d62febf0c2fb01d031c6d0c94793b90437e657a190d8374_s390x", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:294b8de52a544b1478f50fd3f10fde726736618d5c74cd5c89aee8250c6c6598_amd64", "9Base-RHODF-4.14:odf4/odr-rhel9-operator@sha256:842f7534ac0ee0628ce375e4a891c2467cc92808ddb14046187291f13e9eb4ed_arm64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:53ba1f765675926348d5a4700c0ecebf28a17ed9f4b8439c442eb8eb9f568a86_ppc64le", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:6d25fb7f40747ec3884ded2d4048dabbd888e0e19a959acaea65a800ae1a0f88_amd64", "9Base-RHODF-4.14:odf4/rook-ceph-rhel9-operator@sha256:c926f50c2837870fa433a6d55051356691c3055304d80cda3267338b5d4f7088_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "fast-xml-parser: ReDOS at currency parsing in currency.js" } ] }
rhsa-2024_7164
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The Migration Toolkit for Containers (MTC) 1.8.4 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\n* express: cause malformed URLs to be evaluated (CVE-2024-29041)\n\n* axios: axios: Server-Side Request Forgery (CVE-2024-39338)\n\n* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)\n\n* jose-go: improper handling of highly compressed data (CVE-2024-28180)\n\n* follow-redirects: Possible credential leak (CVE-2024-28849)\n\n* moby: external DNS requests from \u0027internal\u0027 networks could lead to data exfiltration (CVE-2024-29018)\n\n* containers/image: digest type does not guarantee valid type (CVE-2024-3727)\n\n* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)\n\n* braces: fails to limit the number of characters it can handle (CVE-2024-4068)\n\n* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:7164", "url": "https://access.redhat.com/errata/RHSA-2024:7164" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2268018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018" }, { "category": "external", "summary": "2268273", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273" }, { "category": "external", "summary": "2268854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854" }, { "category": "external", "summary": "2269576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576" }, { "category": "external", "summary": "2270591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270591" }, { "category": "external", "summary": "2270863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863" }, { "category": "external", "summary": "2274767", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767" }, { "category": "external", "summary": "2279814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814" }, { "category": "external", "summary": "2280600", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280600" }, { "category": "external", "summary": "2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "external", "summary": "2293200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293200" }, { "category": "external", "summary": "2295302", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295302" }, { "category": "external", "summary": "2299624", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299624" }, { "category": "external", "summary": "2299625", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299625" }, { "category": "external", "summary": "2299628", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299628" }, { "category": "external", "summary": "2299668", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299668" }, { "category": "external", "summary": "MIG-1592", "url": "https://issues.redhat.com/browse/MIG-1592" }, { "category": "external", "summary": "MIG-1593", "url": "https://issues.redhat.com/browse/MIG-1593" }, { "category": "external", "summary": "MIG-1598", "url": "https://issues.redhat.com/browse/MIG-1598" }, { "category": "external", "summary": "MIG-1610", "url": "https://issues.redhat.com/browse/MIG-1610" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7164.json" } ], "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.4 security and bug fix update", "tracking": { "current_release_date": "2024-12-18T05:41:22+00:00", "generator": { "date": "2024-12-18T05:41:22+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:7164", "initial_release_date": "2024-09-26T03:46:53+00:00", "revision_history": [ { "date": "2024-09-26T03:46:53+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-09-26T03:46:53+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-18T05:41:22+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "8Base-RHMTC-1.8", "product": { "name": "8Base-RHMTC-1.8", "product_id": "8Base-RHMTC-1.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhmt:1.8::el8" } } } ], "category": "product_family", "name": "Red Hat Migration Toolkit" }, { "branches": [ { "category": "product_version", "name": "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "product": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.8.4-22" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "product": { "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.8.4-8" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "product": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.8.4-10" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "product": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.8.4-16" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "product": { "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.8.4-10" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "product": { "name": "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.8.4-16" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "product": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.8.4-33" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "product": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.8.4-11" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "product": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.8.4-9" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "product": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.8.4-10" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8\u0026tag=v1.8.4-9" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64 as a component of 8Base-RHMTC-1.8", "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64" }, "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "relates_to_product_reference": "8Base-RHMTC-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64 as a component of 8Base-RHMTC-1.8", "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64" }, "product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "relates_to_product_reference": "8Base-RHMTC-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64 as a component of 8Base-RHMTC-1.8", "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64" }, "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "relates_to_product_reference": "8Base-RHMTC-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64 as a component of 8Base-RHMTC-1.8", "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64" }, "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "relates_to_product_reference": "8Base-RHMTC-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64 as a component of 8Base-RHMTC-1.8", "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64" }, "product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "relates_to_product_reference": "8Base-RHMTC-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64 as a component of 8Base-RHMTC-1.8", "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64" }, "product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "relates_to_product_reference": "8Base-RHMTC-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64 as a component of 8Base-RHMTC-1.8", "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64" }, "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "relates_to_product_reference": "8Base-RHMTC-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64 as a component of 8Base-RHMTC-1.8", "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64" }, "product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "relates_to_product_reference": "8Base-RHMTC-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64 as a component of 8Base-RHMTC-1.8", "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64" }, "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "relates_to_product_reference": "8Base-RHMTC-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64 as a component of 8Base-RHMTC-1.8", "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64" }, "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "relates_to_product_reference": "8Base-RHMTC-1.8" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64 as a component of 8Base-RHMTC-1.8", "product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64", "relates_to_product_reference": "8Base-RHMTC-1.8" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-25211", "cwe": { "id": "CWE-346", "name": "Origin Validation Error" }, "discovery_date": "2024-07-02T21:00:45+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2295302" } ], "notes": [ { "category": "description", "text": "parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.", "title": "Vulnerability description" }, { "category": "summary", "text": "github.com/gin-contrib/cors: Gin mishandles a wildcard in the origin string in github.com/gin-contrib/cors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-25211" }, { "category": "external", "summary": "RHBZ#2295302", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295302" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-25211", "url": "https://www.cve.org/CVERecord?id=CVE-2019-25211" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-25211", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25211" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-869c-j7wc-8jqv", "url": "https://github.com/advisories/GHSA-869c-j7wc-8jqv" }, { "category": "external", "summary": "https://github.com/gin-contrib/cors/commit/27b723a473efd80d5a498fa9f5933c80204c850d", "url": "https://github.com/gin-contrib/cors/commit/27b723a473efd80d5a498fa9f5933c80204c850d" }, { "category": "external", "summary": "https://github.com/gin-contrib/cors/compare/v1.5.0...v1.6.0", "url": "https://github.com/gin-contrib/cors/compare/v1.5.0...v1.6.0" }, { "category": "external", "summary": "https://github.com/gin-contrib/cors/pull/106", "url": "https://github.com/gin-contrib/cors/pull/106" }, { "category": "external", "summary": "https://github.com/gin-contrib/cors/pull/57", "url": "https://github.com/gin-contrib/cors/pull/57" }, { "category": "external", "summary": "https://github.com/gin-contrib/cors/releases/tag/v1.6.0", "url": "https://github.com/gin-contrib/cors/releases/tag/v1.6.0" } ], "release_date": "2024-07-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T03:46:53+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7164" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "github.com/gin-contrib/cors: Gin mishandles a wildcard in the origin string in github.com/gin-contrib/cors" }, { "acknowledgments": [ { "names": [ "Bartek Nowotarski" ], "organization": "nowotarski.info" } ], "cve": "CVE-2023-45288", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-03-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268273" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-45288" }, { "category": "external", "summary": "RHBZ#2268273", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288" }, { "category": "external", "summary": "https://nowotarski.info/http2-continuation-flood/", "url": "https://nowotarski.info/http2-continuation-flood/" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2687", "url": "https://pkg.go.dev/vuln/GO-2024-2687" }, { "category": "external", "summary": "https://www.kb.cert.org/vuls/id/421644", "url": "https://www.kb.cert.org/vuls/id/421644" } ], "release_date": "2024-04-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T03:46:53+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7164" }, { "category": "workaround", "details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS" }, { "cve": "CVE-2023-45289", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-03-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268018" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-45289" }, { "category": "external", "summary": "RHBZ#2268018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289", "url": "https://www.cve.org/CVERecord?id=CVE-2023-45289" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T03:46:53+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7164" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect" }, { "cve": "CVE-2024-3727", "cwe": { "id": "CWE-354", "name": "Improper Validation of Integrity Check Value" }, "discovery_date": "2024-04-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2274767" } ], "notes": [ { "category": "description", "text": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "containers/image: digest type does not guarantee valid type", "title": "Vulnerability summary" }, { "category": "other", "text": "Some conditions are necessary for this attack to occur, such as the attacker being able to upload malicious images to the registry and persuade a victim to pull them. Hence, the severity of this flaw was rated as Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-3727" }, { "category": "external", "summary": "RHBZ#2274767", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-3727", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3727" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-3727", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3727" } ], "release_date": "2024-05-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T03:46:53+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7164" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "containers/image: digest type does not guarantee valid type" }, { "cve": "CVE-2024-4068", "cwe": { "id": "CWE-1050", "name": "Excessive Platform Resource Consumption within a Loop" }, "discovery_date": "2024-05-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2280600" } ], "notes": [ { "category": "description", "text": "A flaw was found in the NPM package `braces.` It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, causing the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "braces: fails to limit the number of characters it can handle", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-4068" }, { "category": "external", "summary": "RHBZ#2280600", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280600" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-4068", "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4068", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4068" }, { "category": "external", "summary": "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/", "url": "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/" }, { "category": "external", "summary": "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308", "url": "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308" }, { "category": "external", "summary": "https://github.com/micromatch/braces/issues/35", "url": "https://github.com/micromatch/braces/issues/35" } ], "release_date": "2024-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T03:46:53+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7164" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "braces: fails to limit the number of characters it can handle" }, { "cve": "CVE-2024-24788", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-05-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2279814" } ], "notes": [ { "category": "description", "text": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net: malformed DNS message can cause infinite loop", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24788" }, { "category": "external", "summary": "RHBZ#2279814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24788", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24788" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2824", "url": "https://pkg.go.dev/vuln/GO-2024-2824" } ], "release_date": "2024-05-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T03:46:53+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7164" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net: malformed DNS message can cause infinite loop" }, { "cve": "CVE-2024-28180", "cwe": { "id": "CWE-409", "name": "Improper Handling of Highly Compressed Data (Data Amplification)" }, "discovery_date": "2024-03-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268854" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.", "title": "Vulnerability description" }, { "category": "summary", "text": "jose-go: improper handling of highly compressed data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28180" }, { "category": "external", "summary": "RHBZ#2268854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28180", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180" }, { "category": "external", "summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g", "url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g" } ], "release_date": "2024-03-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T03:46:53+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7164" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jose-go: improper handling of highly compressed data" }, { "cve": "CVE-2024-28849", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-03-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2269576" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "follow-redirects: Possible credential leak", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28849" }, { "category": "external", "summary": "RHBZ#2269576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849" }, { "category": "external", "summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", "url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp" } ], "release_date": "2024-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T03:46:53+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7164" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "follow-redirects: Possible credential leak" }, { "cve": "CVE-2024-28863", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-06-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2293200" } ], "notes": [ { "category": "description", "text": "A flaw was found in ISAACS\u0027s node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-tar: denial of service while parsing a tar file due to lack of folders depth validation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28863" }, { "category": "external", "summary": "RHBZ#2293200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28863", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28863", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28863" }, { "category": "external", "summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36", "url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20240524-0005/", "url": "https://security.netapp.com/advisory/ntap-20240524-0005/" } ], "release_date": "2024-03-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T03:46:53+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7164" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "node-tar: denial of service while parsing a tar file due to lack of folders depth validation" }, { "cve": "CVE-2024-29018", "cwe": { "id": "CWE-669", "name": "Incorrect Resource Transfer Between Spheres" }, "discovery_date": "2024-03-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270591" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Moby due to excessive data output in external DNS requests from \"internal\" networks, enabling unauthorized access to sensitive system information by remote attackers. This flaw allows attackers to gain access to sensitive information by exploiting incorrect resource transfer between spheres through specially crafted requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "moby: external DNS requests from \u0027internal\u0027 networks could lead to data exfiltration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29018" }, { "category": "external", "summary": "RHBZ#2270591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270591" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29018", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29018" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29018", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29018" }, { "category": "external", "summary": "https://github.com/moby/moby/pull/46609", "url": "https://github.com/moby/moby/pull/46609" }, { "category": "external", "summary": "https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx", "url": "https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx" } ], "release_date": "2024-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T03:46:53+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7164" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "moby: external DNS requests from \u0027internal\u0027 networks could lead to data exfiltration" }, { "cve": "CVE-2024-29041", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2024-06-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2290901" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: cause malformed URLs to be evaluated", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29041" }, { "category": "external", "summary": "RHBZ#2290901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29041", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041" }, { "category": "external", "summary": "https://expressjs.com/en/4x/api.html#res.location", "url": "https://expressjs.com/en/4x/api.html#res.location" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "category": "external", "summary": "https://github.com/expressjs/express/pull/5539", "url": "https://github.com/expressjs/express/pull/5539" }, { "category": "external", "summary": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "category": "external", "summary": "https://github.com/koajs/koa/issues/1800", "url": "https://github.com/koajs/koa/issues/1800" } ], "release_date": "2024-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T03:46:53+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7164" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "express: cause malformed URLs to be evaluated" }, { "cve": "CVE-2024-29180", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2024-03-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2270863" } ], "notes": [ { "category": "description", "text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.", "title": "Vulnerability description" }, { "category": "summary", "text": "webpack-dev-middleware: lack of URL validation may lead to file leak", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29180" }, { "category": "external", "summary": "RHBZ#2270863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180" }, { "category": "external", "summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6", "url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6" } ], "release_date": "2024-03-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T03:46:53+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7164" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "webpack-dev-middleware: lack of URL validation may lead to file leak" }, { "cve": "CVE-2024-39338", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-08-13T17:21:32.774718+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2304369" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.", "title": "Vulnerability description" }, { "category": "summary", "text": "axios: axios: Server-Side Request Forgery", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-39338" }, { "category": "external", "summary": "RHBZ#2304369", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338" }, { "category": "external", "summary": "https://github.com/axios/axios/releases", "url": "https://github.com/axios/axios/releases" }, { "category": "external", "summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", "url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html" } ], "release_date": "2024-08-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-09-26T03:46:53+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7164" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64", "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "axios: axios: Server-Side Request Forgery" } ] }
gsd-2024-29041
Vulnerability from gsd
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-29041" ], "details": "Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.", "id": "GSD-2024-29041", "modified": "2024-04-02T05:02:57.579467Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2024-29041", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "express", "version": { "version_data": [ { "version_affected": "=", "version_value": "\u003e=4.14.0, \u003c4.19.0" }, { "version_affected": "=", "version_value": "\u003e=5.0.0-alpha.1, \u003c5.0.0-beta.3" } ] } } ] }, "vendor_name": "expressjs" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3." } ] }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-601", "lang": "eng", "value": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" } ] }, { "description": [ { "cweId": "CWE-1286", "lang": "eng", "value": "CWE-1286: Improper Validation of Syntactic Correctness of Input" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc", "refsource": "MISC", "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "name": "https://github.com/koajs/koa/issues/1800", "refsource": "MISC", "url": "https://github.com/koajs/koa/issues/1800" }, { "name": "https://github.com/expressjs/express/pull/5539", "refsource": "MISC", "url": "https://github.com/expressjs/express/pull/5539" }, { "name": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd", "refsource": "MISC", "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "name": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94", "refsource": "MISC", "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "name": "https://expressjs.com/en/4x/api.html#res.location", "refsource": "MISC", "url": "https://expressjs.com/en/4x/api.html#res.location" } ] }, "source": { "advisory": "GHSA-rv95-896h-c2vc", "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "cve": { "descriptions": [ { "lang": "en", "value": "Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3." }, { "lang": "es", "value": "El framework web minimalista Express.js para node. Las versiones de Express.js anteriores a 4.19.0 y todas las versiones alfa y beta preliminares de 5.0 se ven afectadas por una vulnerabilidad de redireccionamiento abierto que utiliza URL con formato incorrecto. Cuando un usuario de Express realiza una redirecci\u00f3n utilizando una URL proporcionada por el usuario, Express realiza una codificaci\u00f3n [usando `encodeurl`](https://github.com/pillarjs/encodeurl) en el contenido antes de pasarlo al encabezado de `ubicaci\u00f3n`. Esto puede hacer que las URL con formato incorrecto se eval\u00faen de maneras inesperadas mediante implementaciones de listas permitidas de redireccionamiento com\u00fan en aplicaciones Express, lo que lleva a una redirecci\u00f3n abierta al omitir una lista permitida implementada correctamente. El m\u00e9todo principal afectado es `res.location()` pero tambi\u00e9n se llama desde `res.redirect()`. La vulnerabilidad se solucion\u00f3 en 4.19.2 y 5.0.0-beta.3." } ], "id": "CVE-2024-29041", "lastModified": "2024-03-26T12:55:05.010", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary" } ] }, "published": "2024-03-25T21:15:46.847", "references": [ { "source": "security-advisories@github.com", "url": "https://expressjs.com/en/4x/api.html#res.location" }, { "source": "security-advisories@github.com", "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "source": "security-advisories@github.com", "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "source": "security-advisories@github.com", "url": "https://github.com/expressjs/express/pull/5539" }, { "source": "security-advisories@github.com", "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "source": "security-advisories@github.com", "url": "https://github.com/koajs/koa/issues/1800" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1286" }, { "lang": "en", "value": "CWE-601" } ], "source": "security-advisories@github.com", "type": "Secondary" } ] } } } }
WID-SEC-W-2024-0956
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Phishing-Angriffe durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0956 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0956.json" }, { "category": "self", "summary": "WID-SEC-2024-0956 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0956" }, { "category": "external", "summary": "IBM Security Bulletin vom 2024-04-23", "url": "https://www.ibm.com/support/pages/node/7149177" }, { "category": "external", "summary": "IBM Security Bulletin vom 2024-04-23", "url": "https://www.ibm.com/support/pages/node/7149179" }, { "category": "external", "summary": "IBM Security Bulletin 7150843 vom 2024-05-10", "url": "https://www.ibm.com/support/pages/node/7150843" } ], "source_lang": "en-US", "title": "IBM App Connect Enterprise: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-05-12T22:00:00.000+00:00", "generator": { "date": "2024-05-13T08:03:06.630+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0956", "initial_release_date": "2024-04-23T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-23T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-05-12T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM App Connect Enterprise", "product": { "name": "IBM App Connect Enterprise", "product_id": "T032495", "product_identification_helper": { "cpe": "cpe:/a:ibm:app_connect_enterprise:-" } } }, { "category": "product_version_range", "name": "\u003c11.5.0", "product": { "name": "IBM App Connect Enterprise \u003c11.5.0", "product_id": "T034375", "product_identification_helper": { "cpe": "cpe:/a:ibm:app_connect_enterprise:11.5.0" } } }, { "category": "product_version_range", "name": "\u003c5.0.17 LTS", "product": { "name": "IBM App Connect Enterprise \u003c5.0.17 LTS", "product_id": "T034376", "product_identification_helper": { "cpe": "cpe:/a:ibm:app_connect_enterprise:5.0.17_lts" } } } ], "category": "product_name", "name": "App Connect Enterprise" } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-29041", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM App Connect Enterprise. Dieser Fehler besteht in der Komponente Express.js aufgrund eines offenen Umleitungsproblems. Mit einer speziell gestalteten URL kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um ein Opfer auf beliebige Websites umzuleiten und so einen Phishing-Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T032495" ] }, "release_date": "2024-04-23T22:00:00Z", "title": "CVE-2024-29041" }, { "cve": "CVE-2024-30260", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T032495" ] }, "release_date": "2024-04-23T22:00:00Z", "title": "CVE-2024-30260" }, { "cve": "CVE-2024-30261", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T032495" ] }, "release_date": "2024-04-23T22:00:00Z", "title": "CVE-2024-30261" } ] }
wid-sec-w-2024-0956
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Phishing-Angriffe durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0956 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0956.json" }, { "category": "self", "summary": "WID-SEC-2024-0956 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0956" }, { "category": "external", "summary": "IBM Security Bulletin vom 2024-04-23", "url": "https://www.ibm.com/support/pages/node/7149177" }, { "category": "external", "summary": "IBM Security Bulletin vom 2024-04-23", "url": "https://www.ibm.com/support/pages/node/7149179" }, { "category": "external", "summary": "IBM Security Bulletin 7150843 vom 2024-05-10", "url": "https://www.ibm.com/support/pages/node/7150843" } ], "source_lang": "en-US", "title": "IBM App Connect Enterprise: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-05-12T22:00:00.000+00:00", "generator": { "date": "2024-05-13T08:03:06.630+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0956", "initial_release_date": "2024-04-23T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-23T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-05-12T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM App Connect Enterprise", "product": { "name": "IBM App Connect Enterprise", "product_id": "T032495", "product_identification_helper": { "cpe": "cpe:/a:ibm:app_connect_enterprise:-" } } }, { "category": "product_version_range", "name": "\u003c11.5.0", "product": { "name": "IBM App Connect Enterprise \u003c11.5.0", "product_id": "T034375", "product_identification_helper": { "cpe": "cpe:/a:ibm:app_connect_enterprise:11.5.0" } } }, { "category": "product_version_range", "name": "\u003c5.0.17 LTS", "product": { "name": "IBM App Connect Enterprise \u003c5.0.17 LTS", "product_id": "T034376", "product_identification_helper": { "cpe": "cpe:/a:ibm:app_connect_enterprise:5.0.17_lts" } } } ], "category": "product_name", "name": "App Connect Enterprise" } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-29041", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM App Connect Enterprise. Dieser Fehler besteht in der Komponente Express.js aufgrund eines offenen Umleitungsproblems. Mit einer speziell gestalteten URL kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um ein Opfer auf beliebige Websites umzuleiten und so einen Phishing-Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T032495" ] }, "release_date": "2024-04-23T22:00:00Z", "title": "CVE-2024-29041" }, { "cve": "CVE-2024-30260", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T032495" ] }, "release_date": "2024-04-23T22:00:00Z", "title": "CVE-2024-30260" }, { "cve": "CVE-2024-30261", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T032495" ] }, "release_date": "2024-04-23T22:00:00Z", "title": "CVE-2024-30261" } ] }
ghsa-rv95-896h-c2vc
Vulnerability from github
Impact
Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs.
When a user of Express performs a redirect using a user-provided URL Express performs an encode using encodeurl
on the contents before passing it to the location
header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list.
The main method impacted is res.location()
but this is also called from within res.redirect()
.
Patches
https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94
An initial fix went out with express@4.19.0
, we then patched a feature regression in 4.19.1
and added improved handling for the bypass in 4.19.2
.
Workarounds
The fix for this involves pre-parsing the url string with either require('node:url').parse
or new URL
. These are steps you can take on your own before passing the user input string to res.location
or res.redirect
.
References
https://github.com/expressjs/express/pull/5539 https://github.com/koajs/koa/issues/1800 https://expressjs.com/en/4x/api.html#res.location
{ "affected": [ { "package": { "ecosystem": "npm", "name": "express" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "4.19.2" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "npm", "name": "express" }, "ranges": [ { "events": [ { "introduced": "5.0.0-alpha.1" }, { "fixed": "5.0.0-beta.3" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-29041" ], "database_specific": { "cwe_ids": [ "CWE-1286", "CWE-601" ], "github_reviewed": true, "github_reviewed_at": "2024-03-25T19:40:26Z", "nvd_published_at": "2024-03-25T21:15:46Z", "severity": "MODERATE" }, "details": "### Impact\n\nVersions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs.\n\nWhen a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list.\n\nThe main method impacted is `res.location()` but this is also called from within `res.redirect()`.\n\n### Patches\n\nhttps://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd\nhttps://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94\n\nAn initial fix went out with `express@4.19.0`, we then patched a feature regression in `4.19.1` and added improved handling for the bypass in `4.19.2`.\n\n### Workarounds\n\nThe fix for this involves pre-parsing the url string with either `require(\u0027node:url\u0027).parse` or `new URL`. These are steps you can take on your own before passing the user input string to `res.location` or `res.redirect`.\n\n### References\n\nhttps://github.com/expressjs/express/pull/5539\nhttps://github.com/koajs/koa/issues/1800\nhttps://expressjs.com/en/4x/api.html#res.location", "id": "GHSA-rv95-896h-c2vc", "modified": "2024-03-25T22:24:57Z", "published": "2024-03-25T19:40:26Z", "references": [ { "type": "WEB", "url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041" }, { "type": "WEB", "url": "https://github.com/koajs/koa/issues/1800" }, { "type": "WEB", "url": "https://github.com/expressjs/express/pull/5539" }, { "type": "WEB", "url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd" }, { "type": "WEB", "url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94" }, { "type": "WEB", "url": "https://expressjs.com/en/4x/api.html#res.location" }, { "type": "PACKAGE", "url": "https://github.com/expressjs/express" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ], "summary": "Express.js Open Redirect in malformed URLs" }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.