Action not permitted
Modal body text goes here.
cve-2024-29902
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:sigstore:cosign:0.1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cosign", "vendor": "sigstore", "versions": [ { "lessThan": "2.2.4", "status": "affected", "version": "0.1.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-29902", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-03T14:13:43.671206Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:57:24.059Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:17:58.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc" }, { "name": "https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e" }, { "name": "https://github.com/google/go-containerregistry/blob/a0658aa1d0cc7a7f1bcc4a3af9155335b6943f40/pkg/v1/remote/layer.go#L36-L40", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/google/go-containerregistry/blob/a0658aa1d0cc7a7f1bcc4a3af9155335b6943f40/pkg/v1/remote/layer.go#L36-L40" }, { "name": "https://github.com/sigstore/cosign/blob/9bc3ee309bf35d2f6e17f5d23f231a3d8bf580bc/pkg/oci/remote/remote.go#L228-L239", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/sigstore/cosign/blob/9bc3ee309bf35d2f6e17f5d23f231a3d8bf580bc/pkg/oci/remote/remote.go#L228-L239" }, { "name": "https://github.com/sigstore/cosign/releases/tag/v2.2.4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/sigstore/cosign/releases/tag/v2.2.4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "cosign", "vendor": "sigstore", "versions": [ { "status": "affected", "version": "\u003c 2.2.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other services on the machine that will not be available for the duration of the machine denial. The root cause of this issue is that Cosign reads the attachment from a remote image entirely into memory without checking the size of the attachment first. As such, a large attachment can make Cosign read a large attachment into memory; If the attachments size is larger than the machine has memory available, the machine will be denied of service. The Go runtime will make a SigKill after a few seconds of system-wide denial. This issue can allow a supply-chain escalation from a compromised registry to the Cosign user: If an attacher has compromised a registry or the account of an image vendor, they can include a malicious attachment and hurt the image consumer. Version 2.2.4 contains a patch for the vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T22:28:19.788Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc" }, { "name": "https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e" }, { "name": "https://github.com/google/go-containerregistry/blob/a0658aa1d0cc7a7f1bcc4a3af9155335b6943f40/pkg/v1/remote/layer.go#L36-L40", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/google/go-containerregistry/blob/a0658aa1d0cc7a7f1bcc4a3af9155335b6943f40/pkg/v1/remote/layer.go#L36-L40" }, { "name": "https://github.com/sigstore/cosign/blob/9bc3ee309bf35d2f6e17f5d23f231a3d8bf580bc/pkg/oci/remote/remote.go#L228-L239", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/sigstore/cosign/blob/9bc3ee309bf35d2f6e17f5d23f231a3d8bf580bc/pkg/oci/remote/remote.go#L228-L239" }, { "name": "https://github.com/sigstore/cosign/releases/tag/v2.2.4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/sigstore/cosign/releases/tag/v2.2.4" } ], "source": { "advisory": "GHSA-88jx-383q-w4qc", "discovery": "UNKNOWN" }, "title": "Cosign vulnerable to system-wide denial of service via malicious attachments" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-29902", "datePublished": "2024-04-10T22:28:19.788Z", "dateReserved": "2024-03-21T15:12:09.000Z", "dateUpdated": "2024-08-02T01:17:58.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-29902\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-04-10T23:15:06.920\",\"lastModified\":\"2024-04-11T12:47:44.137\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other services on the machine that will not be available for the duration of the machine denial. The root cause of this issue is that Cosign reads the attachment from a remote image entirely into memory without checking the size of the attachment first. As such, a large attachment can make Cosign read a large attachment into memory; If the attachments size is larger than the machine has memory available, the machine will be denied of service. The Go runtime will make a SigKill after a few seconds of system-wide denial. This issue can allow a supply-chain escalation from a compromised registry to the Cosign user: If an attacher has compromised a registry or the account of an image vendor, they can include a malicious attachment and hurt the image consumer. Version 2.2.4 contains a patch for the vulnerability.\"},{\"lang\":\"es\",\"value\":\"Cosign proporciona firma de c\u00f3digo y transparencia para contenedores y binarios. Antes de la versi\u00f3n 2.2.4, una imagen remota con un archivo adjunto malicioso pod\u00eda provocar una denegaci\u00f3n de servicio en la m\u00e1quina host que ejecuta Cosign. Esto puede afectar a otros servicios de la m\u00e1quina que dependen de la memoria disponible, como una base de datos de Redis, lo que puede provocar la p\u00e9rdida de datos. Tambi\u00e9n puede afectar la disponibilidad de otros servicios en la m\u00e1quina que no estar\u00e1n disponibles mientras dure la denegaci\u00f3n de la m\u00e1quina. La causa principal de este problema es que Cosign lee el archivo adjunto de una imagen remota completamente en la memoria sin verificar primero el tama\u00f1o del archivo adjunto. Como tal, un archivo adjunto grande puede hacer que Cosign lea un archivo adjunto grande en la memoria; Si el tama\u00f1o de los archivos adjuntos es mayor que la memoria disponible de la m\u00e1quina, se le negar\u00e1 el servicio a la m\u00e1quina. El tiempo de ejecuci\u00f3n de Go realizar\u00e1 un SigKill despu\u00e9s de unos segundos de denegaci\u00f3n en todo el sistema. Este problema puede permitir una escalada de la cadena de suministro desde un registro comprometido hasta el usuario de Cosign: si un adjunto ha comprometido un registro o la cuenta de un proveedor de im\u00e1genes, puede incluir un archivo adjunto malicioso y da\u00f1ar al consumidor de la imagen. La versi\u00f3n 2.2.4 contiene un parche para la vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":0.5,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"references\":[{\"url\":\"https://github.com/google/go-containerregistry/blob/a0658aa1d0cc7a7f1bcc4a3af9155335b6943f40/pkg/v1/remote/layer.go#L36-L40\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/sigstore/cosign/blob/9bc3ee309bf35d2f6e17f5d23f231a3d8bf580bc/pkg/oci/remote/remote.go#L228-L239\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/sigstore/cosign/releases/tag/v2.2.4\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc\",\"source\":\"security-advisories@github.com\"}]}}" } }
gsd-2024-29902
Vulnerability from gsd
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-29902" ], "details": "Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other services on the machine that will not be available for the duration of the machine denial. The root cause of this issue is that Cosign reads the attachment from a remote image entirely into memory without checking the size of the attachment first. As such, a large attachment can make Cosign read a large attachment into memory; If the attachments size is larger than the machine has memory available, the machine will be denied of service. The Go runtime will make a SigKill after a few seconds of system-wide denial. This issue can allow a supply-chain escalation from a compromised registry to the Cosign user: If an attacher has compromised a registry or the account of an image vendor, they can include a malicious attachment and hurt the image consumer. Version 2.2.4 contains a patch for the vulnerability.", "id": "GSD-2024-29902", "modified": "2024-04-03T05:02:30.464983Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2024-29902", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "cosign", "version": { "version_data": [ { "version_affected": "=", "version_value": "\u003c 2.2.4" } ] } } ] }, "vendor_name": "sigstore" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other services on the machine that will not be available for the duration of the machine denial. The root cause of this issue is that Cosign reads the attachment from a remote image entirely into memory without checking the size of the attachment first. As such, a large attachment can make Cosign read a large attachment into memory; If the attachments size is larger than the machine has memory available, the machine will be denied of service. The Go runtime will make a SigKill after a few seconds of system-wide denial. This issue can allow a supply-chain escalation from a compromised registry to the Cosign user: If an attacher has compromised a registry or the account of an image vendor, they can include a malicious attachment and hurt the image consumer. Version 2.2.4 contains a patch for the vulnerability." } ] }, "impact": { "cvss": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-770", "lang": "eng", "value": "CWE-770: Allocation of Resources Without Limits or Throttling" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc", "refsource": "MISC", "url": "https://github.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc" }, { "name": "https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e", "refsource": "MISC", "url": "https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e" }, { "name": "https://github.com/google/go-containerregistry/blob/a0658aa1d0cc7a7f1bcc4a3af9155335b6943f40/pkg/v1/remote/layer.go#L36-L40", "refsource": "MISC", "url": "https://github.com/google/go-containerregistry/blob/a0658aa1d0cc7a7f1bcc4a3af9155335b6943f40/pkg/v1/remote/layer.go#L36-L40" }, { "name": "https://github.com/sigstore/cosign/blob/9bc3ee309bf35d2f6e17f5d23f231a3d8bf580bc/pkg/oci/remote/remote.go#L228-L239", "refsource": "MISC", "url": "https://github.com/sigstore/cosign/blob/9bc3ee309bf35d2f6e17f5d23f231a3d8bf580bc/pkg/oci/remote/remote.go#L228-L239" }, { "name": "https://github.com/sigstore/cosign/releases/tag/v2.2.4", "refsource": "MISC", "url": "https://github.com/sigstore/cosign/releases/tag/v2.2.4" } ] }, "source": { "advisory": "GHSA-88jx-383q-w4qc", "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "cve": { "descriptions": [ { "lang": "en", "value": "Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other services on the machine that will not be available for the duration of the machine denial. The root cause of this issue is that Cosign reads the attachment from a remote image entirely into memory without checking the size of the attachment first. As such, a large attachment can make Cosign read a large attachment into memory; If the attachments size is larger than the machine has memory available, the machine will be denied of service. The Go runtime will make a SigKill after a few seconds of system-wide denial. This issue can allow a supply-chain escalation from a compromised registry to the Cosign user: If an attacher has compromised a registry or the account of an image vendor, they can include a malicious attachment and hurt the image consumer. Version 2.2.4 contains a patch for the vulnerability." } ], "id": "CVE-2024-29902", "lastModified": "2024-04-11T12:47:44.137", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary" } ] }, "published": "2024-04-10T23:15:06.920", "references": [ { "source": "security-advisories@github.com", "url": "https://github.com/google/go-containerregistry/blob/a0658aa1d0cc7a7f1bcc4a3af9155335b6943f40/pkg/v1/remote/layer.go#L36-L40" }, { "source": "security-advisories@github.com", "url": "https://github.com/sigstore/cosign/blob/9bc3ee309bf35d2f6e17f5d23f231a3d8bf580bc/pkg/oci/remote/remote.go#L228-L239" }, { "source": "security-advisories@github.com", "url": "https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e" }, { "source": "security-advisories@github.com", "url": "https://github.com/sigstore/cosign/releases/tag/v2.2.4" }, { "source": "security-advisories@github.com", "url": "https://github.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "security-advisories@github.com", "type": "Secondary" } ] } } } }
ghsa-88jx-383q-w4qc
Vulnerability from github
Summary
A remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other services on the machine that will not be available for the duration of the machine denial.
Details
The root cause of this issue is that Cosign reads the attachment from a remote image entirely into memory without checking the size of the attachment first. As such, a large attachment can make Cosign read a large attachment into memory; If the attachments size is larger than the machine has memory available, the machine will be denied of service. The Go runtime will make a SIGKILL
after a few seconds of system-wide denial.
The root cause is that Cosign reads the contents of the attachments entirely into memory on line 238 below:
https://github.com/sigstore/cosign/blob/9bc3ee309bf35d2f6e17f5d23f231a3d8bf580bc/pkg/oci/remote/remote.go#L228-L239
...and prior to that, neither Cosign nor go-containerregistry checks the size of the attachment and enforces a max cap. In the case of a remote layer of f *attached
, go-containerregistry will invoke this API:
https://github.com/google/go-containerregistry/blob/a0658aa1d0cc7a7f1bcc4a3af9155335b6943f40/pkg/v1/remote/layer.go#L36-L40
golang
func (rl *remoteLayer) Compressed() (io.ReadCloser, error) {
// We don't want to log binary layers -- this can break terminals.
ctx := redact.NewContext(rl.ctx, "omitting binary blobs from logs")
return rl.fetcher.fetchBlob(ctx, verify.SizeUnknown, rl.digest)
}
Notice that the second argument to rl.fetcher.fetchBlob
is verify.SizeUnknown
which results in not using the io.LimitReader
in verify.ReadCloser
:
https://github.com/google/go-containerregistry/blob/a0658aa1d0cc7a7f1bcc4a3af9155335b6943f40/internal/verify/verify.go#L82-L100
golang
func ReadCloser(r io.ReadCloser, size int64, h v1.Hash) (io.ReadCloser, error) {
w, err := v1.Hasher(h.Algorithm)
if err != nil {
return nil, err
}
r2 := io.TeeReader(r, w) // pass all writes to the hasher.
if size != SizeUnknown {
r2 = io.LimitReader(r2, size) // if we know the size, limit to that size.
}
return &and.ReadCloser{
Reader: &verifyReader{
inner: r2,
hasher: w,
expected: h,
wantSize: size,
},
CloseFunc: r.Close,
}, nil
}
Impact
This issue can allow a supply-chain escalation from a compromised registry to the Cosign user: If an attacher has compromised a registry or the account of an image vendor, they can include a malicious attachment and hurt the image consumer.
Remediation
Update to the latest version of Cosign, which limits the number of attachments. An environment variable can override this value.
{ "affected": [ { "package": { "ecosystem": "Go", "name": "github.com/sigstore/cosign" }, "ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "2.2.3" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 2.2.3" }, "package": { "ecosystem": "Go", "name": "github.com/sigstore/cosign/v2" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.2.4" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-29902" ], "database_specific": { "cwe_ids": [ "CWE-770" ], "github_reviewed": true, "github_reviewed_at": "2024-04-11T17:05:01Z", "nvd_published_at": "2024-04-10T23:15:06Z", "severity": "MODERATE" }, "details": "### Summary\nA remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as a Redis database which can result in data loss. It can also impact the availability of other services on the machine that will not be available for the duration of the machine denial.\n\n### Details\nThe root cause of this issue is that Cosign reads the attachment from a remote image entirely into memory without checking the size of the attachment first. As such, a large attachment can make Cosign read a large attachment into memory; If the attachments size is larger than the machine has memory available, the machine will be denied of service. The Go runtime will make a `SIGKILL` after a few seconds of system-wide denial.\n\nThe root cause is that Cosign reads the contents of the attachments entirely into memory on line 238 below:\n\nhttps://github.com/sigstore/cosign/blob/9bc3ee309bf35d2f6e17f5d23f231a3d8bf580bc/pkg/oci/remote/remote.go#L228-L239\n\n...and prior to that, neither Cosign nor go-containerregistry checks the size of the attachment and enforces a max cap. In the case of a remote layer of `f *attached`, go-containerregistry will invoke this API:\n\nhttps://github.com/google/go-containerregistry/blob/a0658aa1d0cc7a7f1bcc4a3af9155335b6943f40/pkg/v1/remote/layer.go#L36-L40\n```golang\nfunc (rl *remoteLayer) Compressed() (io.ReadCloser, error) {\n\t// We don\u0027t want to log binary layers -- this can break terminals.\n\tctx := redact.NewContext(rl.ctx, \"omitting binary blobs from logs\")\n\treturn rl.fetcher.fetchBlob(ctx, verify.SizeUnknown, rl.digest)\n}\n```\n\nNotice that the second argument to `rl.fetcher.fetchBlob` is `verify.SizeUnknown` which results in not using the `io.LimitReader` in `verify.ReadCloser`:\nhttps://github.com/google/go-containerregistry/blob/a0658aa1d0cc7a7f1bcc4a3af9155335b6943f40/internal/verify/verify.go#L82-L100\n```golang\nfunc ReadCloser(r io.ReadCloser, size int64, h v1.Hash) (io.ReadCloser, error) {\n\tw, err := v1.Hasher(h.Algorithm)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tr2 := io.TeeReader(r, w) // pass all writes to the hasher.\n\tif size != SizeUnknown {\n\t\tr2 = io.LimitReader(r2, size) // if we know the size, limit to that size.\n\t}\n\treturn \u0026and.ReadCloser{\n\t\tReader: \u0026verifyReader{\n\t\t\tinner: r2,\n\t\t\thasher: w,\n\t\t\texpected: h,\n\t\t\twantSize: size,\n\t\t},\n\t\tCloseFunc: r.Close,\n\t}, nil\n}\n```\n\n### Impact\nThis issue can allow a supply-chain escalation from a compromised registry to the Cosign user: If an attacher has compromised a registry or the account of an image vendor, they can include a malicious attachment and hurt the image consumer. \n\n### Remediation\nUpdate to the latest version of Cosign, which limits the number of attachments. An environment variable can override this value.", "id": "GHSA-88jx-383q-w4qc", "modified": "2024-04-11T17:05:01Z", "published": "2024-04-11T17:05:01Z", "references": [ { "type": "WEB", "url": "https://github.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29902" }, { "type": "WEB", "url": "https://github.com/sigstore/cosign/commit/629f5f8fa672973503edde75f84dcd984637629e" }, { "type": "WEB", "url": "https://github.com/google/go-containerregistry/blob/a0658aa1d0cc7a7f1bcc4a3af9155335b6943f40/pkg/v1/remote/layer.go#L36-L40" }, { "type": "PACKAGE", "url": "https://github.com/sigstore/cosign" }, { "type": "WEB", "url": "https://github.com/sigstore/cosign/blob/9bc3ee309bf35d2f6e17f5d23f231a3d8bf580bc/pkg/oci/remote/remote.go#L228-L239" }, { "type": "WEB", "url": "https://github.com/sigstore/cosign/releases/tag/v2.2.4" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "Cosign malicious attachments can cause system-wide denial of service" }
rhsa-2024_4836
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features, bug fixes, and updates to patch vulnerabilities.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Release of RHACS 4.5 provides these changes:\n\nNew features:\n\n* Scanner V4 is generally available\n* Vulnerability Management 2.0 is generally available\n* Compliance updates\n* Built-in email notifier in RHACS Cloud Service\n* roxctl installation GitHub action\n* Bring your own PKI for signature verification\n* Build-time network policy tools updates\n* Enhanced RHACS Cloud Service experience\n\nThis releases updates the following items to patch vulnerabilities:\n\n* (CVE-2024-28849) The `follow-redirect` module was updated to 1.15.6.\n* (CVE-2024-29903) Updated `cosign` to 2.2.4.\n* (CVE-2024-29902) Updated `cosign` to 2.2.4.\n\nFor more information on new features and other details, see https://docs.openshift.com/acs/4.5/release_notes/45-release-notes.html.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:4836", "url": "https://access.redhat.com/errata/RHSA-2024:4836" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://docs.openshift.com/acs/4.5/release_notes/45-release-notes.html", "url": "https://docs.openshift.com/acs/4.5/release_notes/45-release-notes.html" }, { "category": "external", "summary": "2269576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576" }, { "category": "external", "summary": "2274504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274504" }, { "category": "external", "summary": "2274508", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274508" }, { "category": "external", "summary": "ROX-25325", "url": "https://issues.redhat.com/browse/ROX-25325" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4836.json" } ], "title": "Red Hat Security Advisory: RHACS 4.5 enhancement and security update", "tracking": { "current_release_date": "2024-11-06T06:32:49+00:00", "generator": { "date": "2024-11-06T06:32:49+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:4836", "initial_release_date": "2024-07-24T16:18:41+00:00", "revision_history": [ { "date": "2024-07-24T16:18:41+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-07-24T16:18:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T06:32:49+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHACS 4.5 for RHEL 8", "product": { "name": "RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8" } } } ], "category": "product_family", "name": "Red Hat Advanced Cluster Security for Kubernetes" }, { "branches": [ { "category": "product_version", "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "product": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "product": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "product": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "product": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "product": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "product": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "product": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "product": { "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.5.0-2" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "product": { "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.5.0-2" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "product": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "product": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "product": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "product": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "product": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "product": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "product": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.5.0-2" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.5.0-3" } } }, { "category": "product_version", "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "product": { "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "product_identification_helper": { "purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.5.0-2" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x" }, "product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64" }, "product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x" }, "product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x" }, "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64" }, "product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x" }, "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64" }, "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x" }, "product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64" }, "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x" }, "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "relates_to_product_reference": "8Base-RHACS-4.5" }, { "category": "default_component_of", "full_product_name": { "name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64 as a component of RHACS 4.5 for RHEL 8", "product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" }, "product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64", "relates_to_product_reference": "8Base-RHACS-4.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-28849", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2024-03-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2269576" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "follow-redirects: Possible credential leak", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28849" }, { "category": "external", "summary": "RHBZ#2269576", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849" }, { "category": "external", "summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp", "url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp" } ], "release_date": "2024-03-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-24T16:18:41+00:00", "details": "To take advantage of the new features, bug fixes, and enhancements in RHACS 4.5, you are advised to upgrade to RHACS 4.5.0.", "product_ids": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4836" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "follow-redirects: Possible credential leak" }, { "cve": "CVE-2024-29902", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2024-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2274508" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Cosign package where a malicious attachment may trigger uncontrolled resource consumption by allocating too much memory. This flaw allows an attacker to craft a malicious attachment, resulting in a denial of service, possibly impacting other applications running on the same system.", "title": "Vulnerability description" }, { "category": "summary", "text": "cosign: Malicious attachments can cause system-wide denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29902" }, { "category": "external", "summary": "RHBZ#2274508", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274508" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29902", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29902" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29902", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29902" }, { "category": "external", "summary": "https://github.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc", "url": "https://github.com/sigstore/cosign/security/advisories/GHSA-88jx-383q-w4qc" } ], "release_date": "2024-04-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-24T16:18:41+00:00", "details": "To take advantage of the new features, bug fixes, and enhancements in RHACS 4.5, you are advised to upgrade to RHACS 4.5.0.", "product_ids": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4836" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cosign: Malicious attachments can cause system-wide denial of service" }, { "cve": "CVE-2024-29903", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2024-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2274504" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Cosign package where maliciously crafted software artifacts can trigger uncontrolled resource consumption by allocating too much memory and starving out the system. A successful attack may result in a denial of service of the machine running Cosign, impacting availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "cosign: Malicious artifects can cause machine-wide denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29903" }, { "category": "external", "summary": "RHBZ#2274504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274504" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29903", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29903" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29903", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29903" }, { "category": "external", "summary": "https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv", "url": "https://github.com/sigstore/cosign/security/advisories/GHSA-95pr-fxf5-86gv" } ], "release_date": "2024-04-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-24T16:18:41+00:00", "details": "To take advantage of the new features, bug fixes, and enhancements in RHACS 4.5, you are advised to upgrade to RHACS 4.5.0.", "product_ids": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4836" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:1c87899018a4913f9e6dd8e2b3d1ff37383a7e56ac3e96a85e079dbe85effeca_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8c04a73d8f765abe32c9d94685fab3b92ddcc7070d2b720a1f83589f49cae26c_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:e9ef2b5776cf35c20bdd8d54a673c1c21e1d0c7df904dbeb53df781d31728fc5_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:1ea20d43e85cafa5ca6d0f140f582e262b25bd9b512e5391c3b1ec34084c3b48_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:9ee5db94996327327379d557741ad1dcfb9ad02d5b75475bf4fcd6bcd544682a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:d130435490dba34bd8fcce316a9db37f1d8edb859bb44c189a935a8be382dcf2_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:564558cc9dc2b84e9328f38ad4e460a8aab7ff38ef555bef0c51651af762b4f8_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:9409644f6c2c664a99bd4c15101b79a40b9262f973c6474401a633b073fe82be_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:960cc3c8fc13530b57eb8bc36c87863ebe8f2ad1274693ac4bf28985b780873a_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:154e8e7ef8f7b40564940f343cdf554b26bdc9d370302fbc8db00fcb75693201_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:5dbb9ee945f396544d5138d9ede1f2ec3d1fb5f5026e9cb487c4f7e95320c742_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:8f239d6885261f4371d52cea9181549c6776c3fe32e7ce1aa1cc0c691bb70f4a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:465631cade0b59189d12075ece6c4e1e18653fa61c99fa1c5c4bf8adaecc832b_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:afe3518921c5f14f11f7543f384c6cfc32eaae86d2a38bb6e36b783aeec53f79_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b235dddbd9b87d565ccd2366ad615a825736c9f8126da62dfec1895c032a5a37_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:90a5b2046ec5e568dad9b4c92dab3ba77925facf0b5cac7a7aeb2fdbb114966c_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:a5fc78d3b992e26345882e86c5c2b69656bb01c55ee6e91efab9b8d1e923cb0d_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:be7499c0f9e6059bbe02749998e097bda1c61ab4010b23687a4dbeaa1f712faa_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:77ffa2139f0773a585aaf39daa10d312d0ba70a363d0f43f4da59d243067180f_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:bb8f961af024729bb85e1b1b59f1fc4e16ffa4b256c101e972b627c32c13ec1d_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e89a9fed4a507d43596b6370921bb518ab5d02c1d50c91bb2dc2a707d37b352a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:51ab3a0a02b291cce8b905ded780162ab09d5cf88268e5bea036425bfb4ac87c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:742de06c156c979be189ee5a9bfe047c50802c037a07943453dacf3d4bfed2b2_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ff722955af6f73af1a4ebb75f07d5c79839b02885a600cf8db99872758534055_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:45d2241b773fd39a9f9dd524836da412e3351b875f63835b3b6161005e9d2c76_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:471e86cce1df924e1f5ebb58486586236cab0547f5c6be6a11c9880f55a7b271_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:db2446a02fdb462a8f83f7353d6310d7adaaf954f89328639a82c2d236d044b3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:74a78c3f83f731f4747d8ebe1b4c2193e40fd32fe38386f0605d0d80d5e236c3_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:bfa74ad1bbfcd0b5dbb79f4f40be8b79a373e03e339c7fddbb95d560af83fdc5_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f975dd4231651f636ebfcd6aeb31ca594d8a39698906a642012caf3823e9f933_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ae4bfeeb65491c9b67ec6305abe3bb857e447a87868aa0d3c19e084a3a9e3d84_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c76cbcbb152d1b597e80d110994aec4671379ad5bc5ac72ebd1f92682ae09f20_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:eb6b9534fde723d6cc4e948c56e63419fd19ea988f42c2e923c6a3b584e96882_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:13459d493463ee55dea78469e083f2b95ae51a189ca5b9a9078dbfea35a66b25_amd64", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4028bf2d853cad41419c15c8a4836f6f69d42ea535cd869e627c204a2ea43c88_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:92496bd9bf82d60b16f724329752a9966c9c503d9e86c19f57217d9ca6d8a07c_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:09147eb5b6d9f92c8775145f47e30f0c1838de11b2d934d88a95056edf68943a_ppc64le", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:54323d1c3a459036a649591946d1465dcd6fa7ac9b5357913a1e36205cb99d34_s390x", "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:ec8290b98211898263099a5643b47dc1018f5aa24757bd5f4469511a4f184144_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cosign: Malicious artifects can cause machine-wide denial of service" } ] }
wid-sec-w-2024-1707
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Red Hat Advanced Cluster Security for Kubernetes ausnutzen, um Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1707 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1707.json" }, { "category": "self", "summary": "WID-SEC-2024-1707 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1707" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2024-07-24", "url": "https://access.redhat.com/errata/RHSA-2024:4836" } ], "source_lang": "en-US", "title": "Red Hat Advanced Cluster Security for Kubernetes: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen", "tracking": { "current_release_date": "2024-07-24T22:00:00.000+00:00", "generator": { "date": "2024-07-25T09:02:45.990+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-1707", "initial_release_date": "2024-07-24T22:00:00.000+00:00", "revision_history": [ { "date": "2024-07-24T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "RHACS \u003c4.5.0", "product": { "name": "Red Hat Enterprise Linux RHACS \u003c4.5.0", "product_id": "T036456", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:rhacs__4.5.0" } } } ], "category": "product_name", "name": "Enterprise Linux" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-28849", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat Advanced Cluster Security for Kubernetes im Paket follow-redirects. W\u00e4hrend der Verarbeitung der dom\u00e4nen\u00fcbergreifenden Umleitung l\u00f6scht follow-redirects die Autorisierungs-Header, vers\u00e4umt es jedoch, die Proxy-Authentifizierungs-Header zu l\u00f6schen, die ebenfalls Anmeldedaten enthalten. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um die Anmeldeinformationen offenzulegen." } ], "release_date": "2024-07-24T22:00:00Z", "title": "CVE-2024-28849" }, { "cve": "CVE-2024-29902", "notes": [ { "category": "description", "text": "In Red Hat Advanced Cluster Security for Kubernetes existieren mehrere Schwachstellen im Cosign-Paket. Durch b\u00f6swillig erstellte Software-Artefakte oder malizi\u00f6se Anh\u00e4nge kann unkontrollierter Ressourcenverbrauch ausgel\u00f6st werden. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-07-24T22:00:00Z", "title": "CVE-2024-29902" }, { "cve": "CVE-2024-29903", "notes": [ { "category": "description", "text": "In Red Hat Advanced Cluster Security for Kubernetes existieren mehrere Schwachstellen im Cosign-Paket. Durch b\u00f6swillig erstellte Software-Artefakte oder malizi\u00f6se Anh\u00e4nge kann unkontrollierter Ressourcenverbrauch ausgel\u00f6st werden. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "release_date": "2024-07-24T22:00:00Z", "title": "CVE-2024-29903" } ] }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.