Action not permitted
Modal body text goes here.
cve-2024-39338
Vulnerability from cvelistv5
Published
2024-08-09 00:00
Modified
2024-08-15 19:26
Severity ?
EPSS score ?
Summary
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/axios/axios/releases | Release Notes | |
| cve@mitre.org | https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html | Exploit, Third Party Advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*"
],
"defaultStatus": "unknown",
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "1.7.2"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39338",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T19:24:57.844261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:26:34.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T15:00:16.583997",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/axios/axios/releases"
},
{
"url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39338",
"datePublished": "2024-08-09T00:00:00",
"dateReserved": "2024-06-23T00:00:00",
"dateUpdated": "2024-08-15T19:26:34.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-39338\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-08-12T13:38:24.487\",\"lastModified\":\"2024-08-23T18:35:36.313\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.\"},{\"lang\":\"es\",\"value\":\"axios 1.7.2 permite SSRF a trav\u00e9s de un comportamiento inesperado donde las solicitudes de URL relativas a la ruta se procesan como URL relativas al protocolo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.0,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"1.3.2\",\"versionEndExcluding\":\"1.7.4\",\"matchCriteriaId\":\"0E33FE39-26A6-43B8-ACBC-A4F78BAC7A1B\"}]}]}],\"references\":[{\"url\":\"https://github.com/axios/axios/releases\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
rhsa-2024_8014
Vulnerability from csaf_redhat
Published
2024-10-22 01:05
Modified
2024-11-08 20:38
Summary
Red Hat Security Advisory: Network Observability 1.7.0 for OpenShift
Notes
Topic
Network Observability 1.7 for Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Network Observability 1.7.0
Security Fix(es):
* Network Observability: Code Execution Vulnerability in Send Library (CVE-2024-43799)
* Network Observability: XSS vulnerability via prototype pollution (CVE-2024-45801)
* Network Observability: axios: Server-Side Request Forgery (CVE-2024-39338)
* Network Observability: Denial of Service Vulnerability in body-parser (CVE-2024-45590)
* Network Observability: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)
* Network Observability: Backtracking regular expressions cause ReDoS (CVE-2024-45296)
* Network Observability: Improper Input Handling in Express Redirects (CVE-2024-43796)
* Network Observability: Improper Sanitization in serve-static (CVE-2024-43800)
* Network Observability: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)
* Network Observability: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)
* Network Observability: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Network Observability 1.7 for Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Network Observability 1.7.0\n\nSecurity Fix(es):\n\n* Network Observability: Code Execution Vulnerability in Send Library (CVE-2024-43799)\n* Network Observability: XSS vulnerability via prototype pollution (CVE-2024-45801)\n* Network Observability: axios: Server-Side Request Forgery (CVE-2024-39338)\n* Network Observability: Denial of Service Vulnerability in body-parser (CVE-2024-45590)\n* Network Observability: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)\n* Network Observability: Backtracking regular expressions cause ReDoS (CVE-2024-45296)\n* Network Observability: Improper Input Handling in Express Redirects (CVE-2024-43796)\n* Network Observability: Improper Sanitization in serve-static (CVE-2024-43800)\n* Network Observability: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)\n* Network Observability: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)\n* Network Observability: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8014",
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2308193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193"
},
{
"category": "external",
"summary": "2310527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310527"
},
{
"category": "external",
"summary": "2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "2310529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310529"
},
{
"category": "external",
"summary": "2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "2311152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
},
{
"category": "external",
"summary": "2311153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
},
{
"category": "external",
"summary": "2311154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
},
{
"category": "external",
"summary": "2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "2312631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312631"
},
{
"category": "external",
"summary": "NETOBSERV-1377",
"url": "https://issues.redhat.com/browse/NETOBSERV-1377"
},
{
"category": "external",
"summary": "NETOBSERV-1509",
"url": "https://issues.redhat.com/browse/NETOBSERV-1509"
},
{
"category": "external",
"summary": "NETOBSERV-1538",
"url": "https://issues.redhat.com/browse/NETOBSERV-1538"
},
{
"category": "external",
"summary": "NETOBSERV-1540",
"url": "https://issues.redhat.com/browse/NETOBSERV-1540"
},
{
"category": "external",
"summary": "NETOBSERV-1564",
"url": "https://issues.redhat.com/browse/NETOBSERV-1564"
},
{
"category": "external",
"summary": "NETOBSERV-163",
"url": "https://issues.redhat.com/browse/NETOBSERV-163"
},
{
"category": "external",
"summary": "NETOBSERV-1666",
"url": "https://issues.redhat.com/browse/NETOBSERV-1666"
},
{
"category": "external",
"summary": "NETOBSERV-1667",
"url": "https://issues.redhat.com/browse/NETOBSERV-1667"
},
{
"category": "external",
"summary": "NETOBSERV-1733",
"url": "https://issues.redhat.com/browse/NETOBSERV-1733"
},
{
"category": "external",
"summary": "NETOBSERV-1746",
"url": "https://issues.redhat.com/browse/NETOBSERV-1746"
},
{
"category": "external",
"summary": "NETOBSERV-1748",
"url": "https://issues.redhat.com/browse/NETOBSERV-1748"
},
{
"category": "external",
"summary": "NETOBSERV-1753",
"url": "https://issues.redhat.com/browse/NETOBSERV-1753"
},
{
"category": "external",
"summary": "NETOBSERV-1766",
"url": "https://issues.redhat.com/browse/NETOBSERV-1766"
},
{
"category": "external",
"summary": "NETOBSERV-1779",
"url": "https://issues.redhat.com/browse/NETOBSERV-1779"
},
{
"category": "external",
"summary": "NETOBSERV-1783",
"url": "https://issues.redhat.com/browse/NETOBSERV-1783"
},
{
"category": "external",
"summary": "NETOBSERV-1788",
"url": "https://issues.redhat.com/browse/NETOBSERV-1788"
},
{
"category": "external",
"summary": "NETOBSERV-1798",
"url": "https://issues.redhat.com/browse/NETOBSERV-1798"
},
{
"category": "external",
"summary": "NETOBSERV-1805",
"url": "https://issues.redhat.com/browse/NETOBSERV-1805"
},
{
"category": "external",
"summary": "NETOBSERV-1806",
"url": "https://issues.redhat.com/browse/NETOBSERV-1806"
},
{
"category": "external",
"summary": "NETOBSERV-1808",
"url": "https://issues.redhat.com/browse/NETOBSERV-1808"
},
{
"category": "external",
"summary": "NETOBSERV-1811",
"url": "https://issues.redhat.com/browse/NETOBSERV-1811"
},
{
"category": "external",
"summary": "NETOBSERV-1812",
"url": "https://issues.redhat.com/browse/NETOBSERV-1812"
},
{
"category": "external",
"summary": "NETOBSERV-1813",
"url": "https://issues.redhat.com/browse/NETOBSERV-1813"
},
{
"category": "external",
"summary": "NETOBSERV-1816",
"url": "https://issues.redhat.com/browse/NETOBSERV-1816"
},
{
"category": "external",
"summary": "NETOBSERV-1819",
"url": "https://issues.redhat.com/browse/NETOBSERV-1819"
},
{
"category": "external",
"summary": "NETOBSERV-1848",
"url": "https://issues.redhat.com/browse/NETOBSERV-1848"
},
{
"category": "external",
"summary": "NETOBSERV-1884",
"url": "https://issues.redhat.com/browse/NETOBSERV-1884"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8014.json"
}
],
"title": "Red Hat Security Advisory: Network Observability 1.7.0 for OpenShift",
"tracking": {
"current_release_date": "2024-11-08T20:38:25+00:00",
"generator": {
"date": "2024-11-08T20:38:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2024:8014",
"initial_release_date": "2024-10-22T01:05:39+00:00",
"revision_history": [
{
"date": "2024-10-22T01:05:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-22T01:05:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-08T20:38:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "NETOBSERV 1.7 for RHEL 9",
"product": {
"name": "NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_observ_optr:1.7.0::el9"
}
}
}
],
"category": "product_family",
"name": "Network Observability"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"product": {
"name": "network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"product_id": "network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"product_id": "network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.7.0-86"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.7.0-67"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"product": {
"name": "network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"product_id": "network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"product_id": "network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.7.0-86"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.7.0-67"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"product": {
"name": "network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"product_id": "network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"product_id": "network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.7.0-86"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.7.0-67"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"product": {
"name": "network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"product_id": "network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"product_id": "network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.7.0-86"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.7.0-67"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le"
},
"product_reference": "network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64"
},
"product_reference": "network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x"
},
"product_reference": "network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64"
},
"product_reference": "network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34155",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:06.929766+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310527"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34155"
},
{
"category": "external",
"summary": "RHBZ#2310527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155"
},
{
"category": "external",
"summary": "https://go.dev/cl/611238",
"url": "https://go.dev/cl/611238"
},
{
"category": "external",
"summary": "https://go.dev/issue/69138",
"url": "https://go.dev/issue/69138"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3105",
"url": "https://pkg.go.dev/vuln/GO-2024-3105"
}
],
"release_date": "2024-09-06T21:15:11.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion"
},
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-34158",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2024-09-06T21:20:12.126400+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310529"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34158"
},
{
"category": "external",
"summary": "RHBZ#2310529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34158"
},
{
"category": "external",
"summary": "https://go.dev/cl/611240",
"url": "https://go.dev/cl/611240"
},
{
"category": "external",
"summary": "https://go.dev/issue/69141",
"url": "https://go.dev/issue/69141"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3107",
"url": "https://pkg.go.dev/vuln/GO-2024-3107"
}
],
"release_date": "2024-09-06T21:15:12.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-39338",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-08-13T17:21:32.774718+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2304369"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: axios: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-39338"
},
{
"category": "external",
"summary": "RHBZ#2304369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases",
"url": "https://github.com/axios/axios/releases"
},
{
"category": "external",
"summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html",
"url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
}
],
"release_date": "2024-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: axios: Server-Side Request Forgery"
},
{
"cve": "CVE-2024-43788",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-08-27T17:20:06.890123+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2308193"
}
],
"notes": [
{
"category": "description",
"text": "A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this issue is classified as moderate rather than important due to the specific conditions required for exploitation. DOM Clobbering, while serious, can only be leveraged in environments where an attacker has the ability to inject unsanitized HTML attributes (e.g., `name` or `id`) into a web page. This limits the attack surface to applications that improperly sanitize user input and rely on Webpack-generated files. Furthermore, the exploitation depends on existing vulnerabilities in the sanitization process, rather than the direct execution of arbitrary scripts. As a result, while the issue can lead to XSS, its impact is constrained by the contextual requirement of HTML injection, lowering its overall severity compared to more direct XSS vectors.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43788"
},
{
"category": "external",
"summary": "RHBZ#2308193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61",
"url": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
"url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986"
},
{
"category": "external",
"summary": "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
"url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering"
},
{
"category": "external",
"summary": "https://scnps.co/papers/sp23_domclob.pdf",
"url": "https://scnps.co/papers/sp23_domclob.pdf"
}
],
"release_date": "2024-08-27T17:15:07.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule"
},
{
"cve": "CVE-2024-43796",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:28.106254+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311152"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: Improper Input Handling in Express Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43796"
},
{
"category": "external",
"summary": "RHBZ#2311152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553",
"url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx",
"url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx"
}
],
"release_date": "2024-09-10T15:15:17.510000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: Improper Input Handling in Express Redirects"
},
{
"cve": "CVE-2024-43799",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:30.869487+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311153"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "send: Code Execution Vulnerability in Send Library",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43799"
},
{
"category": "external",
"summary": "RHBZ#2311153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35",
"url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg",
"url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg"
}
],
"release_date": "2024-09-10T15:15:17.727000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "send: Code Execution Vulnerability in Send Library"
},
{
"cve": "CVE-2024-43800",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:33.631718+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "serve-static: Improper Sanitization in serve-static",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43800"
},
{
"category": "external",
"summary": "RHBZ#2311154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b",
"url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa",
"url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p",
"url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p"
}
],
"release_date": "2024-09-10T15:15:17.937000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "serve-static: Improper Sanitization in serve-static"
},
{
"cve": "CVE-2024-45296",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-09T19:20:18.127723+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: Backtracking regular expressions cause ReDoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "RHBZ#2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
"url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
"url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
}
],
"release_date": "2024-09-09T19:15:13.330000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
},
{
"cve": "CVE-2024-45590",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2024-09-10T16:20:29.292154+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "body-parser: Denial of Service Vulnerability in body-parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "RHBZ#2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
"url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
"url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
}
],
"release_date": "2024-09-10T16:15:21.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "body-parser: Denial of Service Vulnerability in body-parser"
},
{
"cve": "CVE-2024-45801",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-16T19:20:09.863249+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312631"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting (XSS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dompurify: XSS vulnerability via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in DOMPurify, while significant, is categorized as moderate severity rather than important due to its specific conditions for exploitation. The issue requires not only a sophisticated nesting technique to bypass the depth checks but also the ability to leverage Prototype Pollution to weaken these protections. This makes the attack scenario relatively complex and less likely to be encountered in general use cases. Furthermore, the flaw impacts only certain configurations and usage patterns, thus reducing its immediate risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45801"
},
{
"category": "external",
"summary": "RHBZ#2312631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312631"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
"url": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
"url": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674"
}
],
"release_date": "2024-09-16T19:16:11.080000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dompurify: XSS vulnerability via prototype pollution"
}
]
}
rhsa-2024_6209
Vulnerability from csaf_redhat
Published
2024-09-03 10:04
Modified
2024-11-08 20:20
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.10 security update
Notes
Topic
Red Hat OpenShift Service Mesh Containers for 2.4.10
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* axios: Server-Side Request Forgery (CVE-2024-39338)
* elliptic: nodejs/elliptic: From NVD collector (CVE-2024-42459)
* ECDSA signature malleability due to missing checks (CVE-2024-42460)
* ECDSA implementation malleability due to BER-enconded signatures being allowed (CVE-2024-42461)
* jose-go: improper handling of highly compressed data (CVE-2024-28180)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh Containers for 2.4.10\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n* axios: Server-Side Request Forgery (CVE-2024-39338)\n* elliptic: nodejs/elliptic: From NVD collector (CVE-2024-42459)\n* ECDSA signature malleability due to missing checks (CVE-2024-42460)\n* ECDSA implementation malleability due to BER-enconded signatures being allowed (CVE-2024-42461)\n* jose-go: improper handling of highly compressed data (CVE-2024-28180)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:6209",
"url": "https://access.redhat.com/errata/RHSA-2024:6209"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6209.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.10 security update",
"tracking": {
"current_release_date": "2024-11-08T20:20:15+00:00",
"generator": {
"date": "2024-11-08T20:20:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2024:6209",
"initial_release_date": "2024-09-03T10:04:55+00:00",
"revision_history": [
{
"date": "2024-09-03T10:04:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-09-03T10:04:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-08T20:20:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.4 for RHEL 8",
"product": {
"name": "RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.15-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.10-3"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.15-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.10-3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.15-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.10-3"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.15-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.10-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-28180",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2024-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268854"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jose-go: improper handling of highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "RHBZ#2268854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g"
}
],
"release_date": "2024-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:04:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6209"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jose-go: improper handling of highly compressed data"
},
{
"cve": "CVE-2024-39338",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-08-13T17:21:32.774718+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2304369"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: axios: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-39338"
},
{
"category": "external",
"summary": "RHBZ#2304369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases",
"url": "https://github.com/axios/axios/releases"
},
{
"category": "external",
"summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html",
"url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
}
],
"release_date": "2024-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:04:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6209"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: axios: Server-Side Request Forgery"
},
{
"cve": "CVE-2024-42459",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2024-08-02T07:20:12+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302458"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the NodeJS Elliptic package. When creating EDDSA signatures, the Elliptic package doesn\u0027t properly check the signature length, allowing zeros to be added or removed from the signature without invalidating it, which may result in confidentiality issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elliptic: nodejs/elliptic: EDDSA signature malleability due to missing signature length check",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-42459"
},
{
"category": "external",
"summary": "RHBZ#2302458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-42459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-42459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42459"
},
{
"category": "external",
"summary": "https://github.com/indutny/elliptic/pull/317",
"url": "https://github.com/indutny/elliptic/pull/317"
}
],
"release_date": "2024-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:04:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6209"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "elliptic: nodejs/elliptic: EDDSA signature malleability due to missing signature length check"
},
{
"cve": "CVE-2024-42460",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2024-08-02T07:20:14+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302459"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Elliptic NodeJS package where it fails to properly verify the leading bit for the R and S values used in the ECDSA signature. This issue may lead to a scenario where an attacker can modify the signature without the Elliptic library being able to properly reject it, causing data confidentiality issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elliptic: nodejs/elliptic: ECDSA signature malleability due to missing checks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-42460"
},
{
"category": "external",
"summary": "RHBZ#2302459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302459"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-42460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-42460",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42460"
},
{
"category": "external",
"summary": "https://github.com/indutny/elliptic/pull/317",
"url": "https://github.com/indutny/elliptic/pull/317"
}
],
"release_date": "2024-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:04:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6209"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "elliptic: nodejs/elliptic: ECDSA signature malleability due to missing checks"
},
{
"cve": "CVE-2024-42461",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2024-08-02T07:20:17+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302460"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Elliptic package for Node.js. ECDSA signatures encoded in BER format are improperly validated, allowing leading zeros to be added to the signature without invalidating it, resulting in confidentiality issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elliptic: nodejs/elliptic: ECDSA implementation malleability due to BER-enconded signatures being allowed",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-42461"
},
{
"category": "external",
"summary": "RHBZ#2302460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-42461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-42461",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42461"
},
{
"category": "external",
"summary": "https://github.com/indutny/elliptic/pull/317",
"url": "https://github.com/indutny/elliptic/pull/317"
}
],
"release_date": "2024-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:04:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6209"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "elliptic: nodejs/elliptic: ECDSA implementation malleability due to BER-enconded signatures being allowed"
}
]
}
rhsa-2024_6211
Vulnerability from csaf_redhat
Published
2024-09-03 10:05
Modified
2024-11-08 20:27
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.1 security update
Notes
Topic
Red Hat OpenShift Service Mesh Containers for 2.6.1
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* axios: Server-Side Request Forgery (CVE-2024-39338)
* express: cause malformed URLs to be evaluated (CVE-2024-29041)
* micromatch: vulnerable to Regular Expression Denial of Service (CVE-2024-4067)
* braces: fails to limit the number of characters it can handle (CVE-2024-4068)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh Containers for 2.6.1\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n* axios: Server-Side Request Forgery (CVE-2024-39338)\n* express: cause malformed URLs to be evaluated (CVE-2024-29041)\n* micromatch: vulnerable to Regular Expression Denial of Service (CVE-2024-4067)\n* braces: fails to limit the number of characters it can handle (CVE-2024-4068)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:6211",
"url": "https://access.redhat.com/errata/RHSA-2024:6211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "OSSM-6857",
"url": "https://issues.redhat.com/browse/OSSM-6857"
},
{
"category": "external",
"summary": "OSSM-8006",
"url": "https://issues.redhat.com/browse/OSSM-8006"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6211.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.1 security update",
"tracking": {
"current_release_date": "2024-11-08T20:27:52+00:00",
"generator": {
"date": "2024-11-08T20:27:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2024:6211",
"initial_release_date": "2024-09-03T10:05:20+00:00",
"revision_history": [
{
"date": "2024-09-03T10:05:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-09-03T10:05:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-08T20:27:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.6 for RHEL 8",
"product": {
"name": "RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el8"
}
}
},
{
"category": "product_name",
"name": "RHOSSM 2.6 for RHEL 9",
"product": {
"name": "RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"product": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.1-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.1-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.1-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.1-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.1-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.1-6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"product": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.1-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.1-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.1-6"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"product": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.89.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.6.1-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.6.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.89.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.89.1-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.6.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"product": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.6.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.6.1-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"product_id": "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=2.6.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.6.1-6"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64"
},
"product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64"
},
"product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x"
},
"product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64 as a component of RHOSSM 2.6 for RHEL 8",
"product_id": "8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64 as a component of RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"relates_to_product_reference": "9Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64 as a component of RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"relates_to_product_reference": "9Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le as a component of RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"relates_to_product_reference": "9Base-RHOSSM-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x as a component of RHOSSM 2.6 for RHEL 9",
"product_id": "9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x",
"relates_to_product_reference": "9Base-RHOSSM-2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-4067",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2280601"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the NPM package `micromatch` where it is vulnerable to a regular expression denial of service (ReDoS). The issue occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will readily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn\u0027t find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won\u0027t start backtracking the regular expression due to greedy matching.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "micromatch: vulnerable to Regular Expression Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4067"
},
{
"category": "external",
"summary": "RHBZ#2280601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4067",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4067"
},
{
"category": "external",
"summary": "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/",
"url": "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/"
},
{
"category": "external",
"summary": "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448",
"url": "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448"
},
{
"category": "external",
"summary": "https://github.com/micromatch/micromatch/issues/243",
"url": "https://github.com/micromatch/micromatch/issues/243"
},
{
"category": "external",
"summary": "https://github.com/micromatch/micromatch/pull/247",
"url": "https://github.com/micromatch/micromatch/pull/247"
}
],
"release_date": "2023-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:05:20+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6211"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "micromatch: vulnerable to Regular Expression Denial of Service"
},
{
"cve": "CVE-2024-4068",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2024-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2280600"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the NPM package `braces.` It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, causing the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "braces: fails to limit the number of characters it can handle",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4068"
},
{
"category": "external",
"summary": "RHBZ#2280600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280600"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4068"
},
{
"category": "external",
"summary": "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/",
"url": "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/"
},
{
"category": "external",
"summary": "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308",
"url": "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308"
},
{
"category": "external",
"summary": "https://github.com/micromatch/braces/issues/35",
"url": "https://github.com/micromatch/braces/issues/35"
}
],
"release_date": "2024-03-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:05:20+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6211"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "braces: fails to limit the number of characters it can handle"
},
{
"cve": "CVE-2024-29041",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2024-06-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2290901"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: cause malformed URLs to be evaluated",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29041"
},
{
"category": "external",
"summary": "RHBZ#2290901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041"
},
{
"category": "external",
"summary": "https://expressjs.com/en/4x/api.html#res.location",
"url": "https://expressjs.com/en/4x/api.html#res.location"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd",
"url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94",
"url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/pull/5539",
"url": "https://github.com/expressjs/express/pull/5539"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc",
"url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc"
},
{
"category": "external",
"summary": "https://github.com/koajs/koa/issues/1800",
"url": "https://github.com/koajs/koa/issues/1800"
}
],
"release_date": "2024-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:05:20+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6211"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "express: cause malformed URLs to be evaluated"
},
{
"cve": "CVE-2024-39338",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-08-13T17:21:32.774718+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2304369"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: axios: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-39338"
},
{
"category": "external",
"summary": "RHBZ#2304369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases",
"url": "https://github.com/axios/axios/releases"
},
{
"category": "external",
"summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html",
"url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
}
],
"release_date": "2024-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:05:20+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6211"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:41381d57cb559e69b1954c25993ac4ce00d2d2732a13bb80a2aa908f9b6c05e5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:5cffbe9de3dbc2af5539fbea83463c38bb1ac39d84e0b60ce0cd82fd339d376f_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:b1b12b545f5567b3f7d891916be9dbfe415c34c6d4e3332f3d7946e1db7f8052_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/grafana-rhel8@sha256:df94fe7da914ba3b66b1390c196c9af1fd7e3bc25b66b4546def1f76bab0847e_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:5d7a394e499391e98b93e9f87c6757d4cbc814ecb223b6a081448330676a7d28_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:6e4f82351d5e6015a4ab90b5143c2ab6b01ba3b4d5ad8bc47fde76d0f507a3a2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:a255acbe7b48a3f366195cfede643d3789d47eb2b9ad877f7388e46427dcf056_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-cni-rhel8@sha256:b192218ada6421208ea7deddc7edb10317af79772942a3f443c1578576986df5_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:49910e92876864d013a4da28de10a9ea2df1080fc65c838317804f94cf589edf_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:9dd2c8a6c4b1d45cf24669f322c33ab9e80ed4b7245004f7b938e89cb1c3a775_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:c29144a75a9b498719ba0abc4870718ee5e5e2efa488e887f963876e35c81036_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-must-gather-rhel8@sha256:d84893b05420f046f74bd9372f4f3497c62b858bf348092741dea5d581bd4110_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:3bb9d82a03c20aaa9bacb4351637771c9b0bb40687b13b67bab9facd9fc8f2b1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:833c0d9fa006db72126475a0d5255ced1d1e53aeb28e880e1ccc2694a22fac5f_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f2f7144831d63df014fe8092daddefc0b2e18155495e02ebc6c1118820e00af0_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/istio-rhel8-operator@sha256:f9b28bb240d0babd614dc8178b1267a6b61ab6fd9601af1a54d8077d05166f88_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:0a72b04272f48c8719c62c2bab8d15f2db701c9e2eb5bf0f2ef73efd83ea2af2_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9b422db8e9ff68046ce8040f18a369dd2f2cf5d12b458b9d151f14149892ead1_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c1bfb4985d4fd88f8335e5efb90f8ae5e57607337c926ac53cabc1cd51224eee_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-ossmc-rhel8@sha256:c693ac963582054ed65bf79593a621269532df05250698b3b2906228524c2766_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:1302bf62e8ff1f0e16f048144db723668640c42284f054fe68f181b694a87ba1_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:424d7f84c30efa40b8379bc64d83dc08dd7b2e1d68e6fb5d4a380a39b110be84_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:a94be7f7a94e6981f268808440c99e0487c2da9ffa883e880aed07bf059d80c2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8-operator@sha256:d9fd6af41cc7909cdab2180ba9bde0896f457fbc6cf247a450b6dac78539cc55_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:12be4945a9160354ff7d794168bfa106e6d2410daee1098a29e6cd191022a44d_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:37026371bcf4835d49a1167963bbba762de7cb60ffd037f4601b6bce7976984d_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:74ddab8bc38b4b7dd59076da34058781132a501b1b89156ce543f39cfff05985_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/kiali-rhel8@sha256:9dd33d710aa03025bd8db8bf1434d52d56077f71fc730cfbada0bbddf05d4336_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:078adc26665a857c8c007a9d5db1678c4cdc53a915fd7987a495f2349ab7345a_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:4fc6ffbeb886713cf13727639602564f4a190bee44740f22c750d27eccf6ec01_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:55dd5d3d0dee4fe619e08e017b0e3d7745a6fef6bc044394eb03c46d9e12e4f2_amd64",
"8Base-RHOSSM-2.6:openshift-service-mesh/pilot-rhel8@sha256:8c870f49e4ce8f91118899ac843987f6ee95c08ec85d15bb7acc53a73903eb9a_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:0031860e17e27de522a6060a3ff990a77e23aea6312fd5132afb6da3d3260ef7_arm64",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:06bde71c0830f9d5876c2d68a3d74e71152b3f24883a76f70ec82a7ca85aea2f_s390x",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:8363297c1a1294a204af48b97da703f97514aa92cbe584f17e7b81b49cf40015_ppc64le",
"8Base-RHOSSM-2.6:openshift-service-mesh/ratelimit-rhel8@sha256:ee50c8fad74b26357c169b97840d44f050b931ccb80f9cb930bbbed67bb681c0_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:212785428b395c0f3aa628e7c218c3d8a7bd256cc255ca7ea6bd234f70c06754_arm64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:2ed644ec1f74c998d0b4953e527307e39a15fdfbb4baeecc0715d418874f7f70_amd64",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:a0df5db3e9cced245da7ad51f8557df94d37d1701525b02feb9ee62cfd72a440_ppc64le",
"9Base-RHOSSM-2.6:openshift-service-mesh/proxyv2-rhel9@sha256:f493485f1d73bd3144a26803bcd1fc7ba4d5b5487eb4dcb455f9c97c8e54ba97_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: axios: Server-Side Request Forgery"
}
]
}
rhsa-2024_7164
Vulnerability from csaf_redhat
Published
2024-09-26 03:46
Modified
2024-11-08 20:57
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.4 security and bug fix update
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.8.4 is now available.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)
* express: cause malformed URLs to be evaluated (CVE-2024-29041)
* axios: axios: Server-Side Request Forgery (CVE-2024-39338)
* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)
* jose-go: improper handling of highly compressed data (CVE-2024-28180)
* follow-redirects: Possible credential leak (CVE-2024-28849)
* moby: external DNS requests from 'internal' networks could lead to data exfiltration (CVE-2024-29018)
* containers/image: digest type does not guarantee valid type (CVE-2024-3727)
* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)
* braces: fails to limit the number of characters it can handle (CVE-2024-4068)
* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.8.4 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)\n\n* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)\n\n* express: cause malformed URLs to be evaluated (CVE-2024-29041)\n\n* axios: axios: Server-Side Request Forgery (CVE-2024-39338)\n\n* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)\n\n* jose-go: improper handling of highly compressed data (CVE-2024-28180)\n\n* follow-redirects: Possible credential leak (CVE-2024-28849)\n\n* moby: external DNS requests from \u0027internal\u0027 networks could lead to data exfiltration (CVE-2024-29018)\n\n* containers/image: digest type does not guarantee valid type (CVE-2024-3727)\n\n* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)\n\n* braces: fails to limit the number of characters it can handle (CVE-2024-4068)\n\n* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7164",
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "2268854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854"
},
{
"category": "external",
"summary": "2269576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
},
{
"category": "external",
"summary": "2270591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270591"
},
{
"category": "external",
"summary": "2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "2274767",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767"
},
{
"category": "external",
"summary": "2279814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814"
},
{
"category": "external",
"summary": "2280600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280600"
},
{
"category": "external",
"summary": "2290901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901"
},
{
"category": "external",
"summary": "2293200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293200"
},
{
"category": "external",
"summary": "2295302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295302"
},
{
"category": "external",
"summary": "2299624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299624"
},
{
"category": "external",
"summary": "2299625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299625"
},
{
"category": "external",
"summary": "2299628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299628"
},
{
"category": "external",
"summary": "2299668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299668"
},
{
"category": "external",
"summary": "MIG-1592",
"url": "https://issues.redhat.com/browse/MIG-1592"
},
{
"category": "external",
"summary": "MIG-1593",
"url": "https://issues.redhat.com/browse/MIG-1593"
},
{
"category": "external",
"summary": "MIG-1598",
"url": "https://issues.redhat.com/browse/MIG-1598"
},
{
"category": "external",
"summary": "MIG-1610",
"url": "https://issues.redhat.com/browse/MIG-1610"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7164.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.4 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-08T20:57:08+00:00",
"generator": {
"date": "2024-11-08T20:57:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2024:7164",
"initial_release_date": "2024-09-26T03:46:53+00:00",
"revision_history": [
{
"date": "2024-09-26T03:46:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-09-26T03:46:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-08T20:57:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.8",
"product": {
"name": "8Base-RHMTC-1.8",
"product_id": "8Base-RHMTC-1.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.8.4-22"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"product": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.8.4-8"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.8.4-10"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.8.4-16"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"product": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.8.4-10"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"product": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.8.4-16"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.8.4-33"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.8.4-11"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.8.4-9"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.8.4-10"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8\u0026tag=v1.8.4-9"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64 as a component of 8Base-RHMTC-1.8",
"product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64 as a component of 8Base-RHMTC-1.8",
"product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64"
},
"product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64 as a component of 8Base-RHMTC-1.8",
"product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64 as a component of 8Base-RHMTC-1.8",
"product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64 as a component of 8Base-RHMTC-1.8",
"product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64"
},
"product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64 as a component of 8Base-RHMTC-1.8",
"product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64 as a component of 8Base-RHMTC-1.8",
"product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64 as a component of 8Base-RHMTC-1.8",
"product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64"
},
"product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64 as a component of 8Base-RHMTC-1.8",
"product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64 as a component of 8Base-RHMTC-1.8",
"product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64 as a component of 8Base-RHMTC-1.8",
"product_id": "8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-25211",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"discovery_date": "2024-07-02T21:00:45+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2295302"
}
],
"notes": [
{
"category": "description",
"text": "parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/* is allowed when the intention is that only https://example.com/* should be allowed, and http://localhost.example.com/* is allowed when the intention is that only http://localhost/* should be allowed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/gin-contrib/cors: Gin mishandles a wildcard in the origin string in github.com/gin-contrib/cors",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-25211"
},
{
"category": "external",
"summary": "RHBZ#2295302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295302"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-25211",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-25211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25211"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-869c-j7wc-8jqv",
"url": "https://github.com/advisories/GHSA-869c-j7wc-8jqv"
},
{
"category": "external",
"summary": "https://github.com/gin-contrib/cors/commit/27b723a473efd80d5a498fa9f5933c80204c850d",
"url": "https://github.com/gin-contrib/cors/commit/27b723a473efd80d5a498fa9f5933c80204c850d"
},
{
"category": "external",
"summary": "https://github.com/gin-contrib/cors/compare/v1.5.0...v1.6.0",
"url": "https://github.com/gin-contrib/cors/compare/v1.5.0...v1.6.0"
},
{
"category": "external",
"summary": "https://github.com/gin-contrib/cors/pull/106",
"url": "https://github.com/gin-contrib/cors/pull/106"
},
{
"category": "external",
"summary": "https://github.com/gin-contrib/cors/pull/57",
"url": "https://github.com/gin-contrib/cors/pull/57"
},
{
"category": "external",
"summary": "https://github.com/gin-contrib/cors/releases/tag/v1.6.0",
"url": "https://github.com/gin-contrib/cors/releases/tag/v1.6.0"
}
],
"release_date": "2024-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-26T03:46:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/gin-contrib/cors: Gin mishandles a wildcard in the origin string in github.com/gin-contrib/cors"
},
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-26T03:46:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2023-45289",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45289"
},
{
"category": "external",
"summary": "RHBZ#2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-26T03:46:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect"
},
{
"cve": "CVE-2024-3727",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2024-04-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2274767"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "containers/image: digest type does not guarantee valid type",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Some conditions are necessary for this attack to occur, such as the attacker being able to upload malicious images to the registry and persuade a victim to pull them. Hence, the severity of this flaw was rated as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-3727"
},
{
"category": "external",
"summary": "RHBZ#2274767",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274767"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-3727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-3727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3727"
}
],
"release_date": "2024-05-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-26T03:46:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "containers/image: digest type does not guarantee valid type"
},
{
"cve": "CVE-2024-4068",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2024-05-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2280600"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the NPM package `braces.` It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, causing the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "braces: fails to limit the number of characters it can handle",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4068"
},
{
"category": "external",
"summary": "RHBZ#2280600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280600"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4068"
},
{
"category": "external",
"summary": "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/",
"url": "https://devhub.checkmarx.com/cve-details/CVE-2024-4068/"
},
{
"category": "external",
"summary": "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308",
"url": "https://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308"
},
{
"category": "external",
"summary": "https://github.com/micromatch/braces/issues/35",
"url": "https://github.com/micromatch/braces/issues/35"
}
],
"release_date": "2024-03-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-26T03:46:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "braces: fails to limit the number of characters it can handle"
},
{
"cve": "CVE-2024-24788",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-05-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279814"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: malformed DNS message can cause infinite loop",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24788"
},
{
"category": "external",
"summary": "RHBZ#2279814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24788"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2824",
"url": "https://pkg.go.dev/vuln/GO-2024-2824"
}
],
"release_date": "2024-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-26T03:46:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: malformed DNS message can cause infinite loop"
},
{
"cve": "CVE-2024-28180",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2024-03-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268854"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jose-go: improper handling of highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "RHBZ#2268854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g"
}
],
"release_date": "2024-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-26T03:46:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jose-go: improper handling of highly compressed data"
},
{
"cve": "CVE-2024-28849",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269576"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Possible credential leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28849"
},
{
"category": "external",
"summary": "RHBZ#2269576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"
}
],
"release_date": "2024-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-26T03:46:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Possible credential leak"
},
{
"cve": "CVE-2024-28863",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-06-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2293200"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ISAACS\u0027s node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: denial of service while parsing a tar file due to lack of folders depth validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28863"
},
{
"category": "external",
"summary": "RHBZ#2293200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28863"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240524-0005/",
"url": "https://security.netapp.com/advisory/ntap-20240524-0005/"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-26T03:46:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-tar: denial of service while parsing a tar file due to lack of folders depth validation"
},
{
"cve": "CVE-2024-29018",
"cwe": {
"id": "CWE-669",
"name": "Incorrect Resource Transfer Between Spheres"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270591"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Moby due to excessive data output in external DNS requests from \"internal\" networks, enabling unauthorized access to sensitive system information by remote attackers. This flaw allows attackers to gain access to sensitive information by exploiting incorrect resource transfer between spheres through specially crafted requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moby: external DNS requests from \u0027internal\u0027 networks could lead to data exfiltration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29018"
},
{
"category": "external",
"summary": "RHBZ#2270591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29018"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/pull/46609",
"url": "https://github.com/moby/moby/pull/46609"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx",
"url": "https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx"
}
],
"release_date": "2024-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-26T03:46:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "moby: external DNS requests from \u0027internal\u0027 networks could lead to data exfiltration"
},
{
"cve": "CVE-2024-29041",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2024-06-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2290901"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: cause malformed URLs to be evaluated",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29041"
},
{
"category": "external",
"summary": "RHBZ#2290901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041"
},
{
"category": "external",
"summary": "https://expressjs.com/en/4x/api.html#res.location",
"url": "https://expressjs.com/en/4x/api.html#res.location"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd",
"url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94",
"url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/pull/5539",
"url": "https://github.com/expressjs/express/pull/5539"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc",
"url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc"
},
{
"category": "external",
"summary": "https://github.com/koajs/koa/issues/1800",
"url": "https://github.com/koajs/koa/issues/1800"
}
],
"release_date": "2024-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-26T03:46:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "express: cause malformed URLs to be evaluated"
},
{
"cve": "CVE-2024-29180",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29180"
},
{
"category": "external",
"summary": "RHBZ#2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-26T03:46:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
},
{
"cve": "CVE-2024-39338",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-08-13T17:21:32.774718+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2304369"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: axios: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-39338"
},
{
"category": "external",
"summary": "RHBZ#2304369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases",
"url": "https://github.com/axios/axios/releases"
},
{
"category": "external",
"summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html",
"url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
}
],
"release_date": "2024-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-26T03:46:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-controller-rhel8@sha256:a4025dfcd79bcb22e2ab91e1bc027c200f9c2741ed2c3a576a64cb24084c584e_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-hook-runner-rhel8@sha256:419c11ecd25664d16f77aec6589c9fa183832947766f75575dfab4bc059fe876_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-log-reader-rhel8@sha256:6886c4d68d7c6100b5eb7239ae8ce14871403a71ce69b35c42c0ce238b32ff87_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-must-gather-rhel8@sha256:08bb8048bb9fc00ba84e846fce7ce3e37506fbadf077b487c1d3d2dd607b2277_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-openvpn-rhel8@sha256:1e0cf80fab89615624cf7f9f62e72e161af4143ed1d6245db45f09ba8382dbc4_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-operator-bundle@sha256:9616b52c1d745b7bf37c0237a6cd2cde9a1d9e8dbfdb5e5cb49504805e706065_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-registry-rhel8@sha256:c7f229ac51306d667f9b766fb1a464686fa47eb06d5658dbe4977e25b4877b20_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rhel8-operator@sha256:79c957509adaff575917d1e70ec25965a4230c0a2deb9cd9007089dfc3ec39cc_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b556472a46fbac2508b8f36b975c8fdb26a77a2fc8bd43b2667f9151bf1cbc3f_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64",
"8Base-RHMTC-1.8:rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:8765eb907963a6677c1af44dee1168d635d243824396f73c829697b1582046e9_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.8:rhmtc/openshift-migration-ui-rhel8@sha256:db4903f395697e2eb244a0251ec1a5f89b12434501cb56889f2af37770f95f58_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: axios: Server-Side Request Forgery"
}
]
}
rhsa-2024_6210
Vulnerability from csaf_redhat
Published
2024-09-03 10:05
Modified
2024-11-06 08:13
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.4 security update
Notes
Topic
Red Hat OpenShift Service Mesh Containers for 2.5.4
Red Hat Product Security has rated this update as having a security impact of
Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* axios: Server-Side Request Forgery (CVE-2024-39338)
* elliptic: nodejs/elliptic: From NVD collector (CVE-2024-42459)
* ECDSA signature malleability due to missing checks (CVE-2024-42460)
* elliptic: nodejs/elliptic: From NVD collector (CVE-2024-42461)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh Containers for 2.5.4 \n\nRed Hat Product Security has rated this update as having a security impact of\nLow. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n* axios: Server-Side Request Forgery (CVE-2024-39338)\n* elliptic: nodejs/elliptic: From NVD collector (CVE-2024-42459)\n* ECDSA signature malleability due to missing checks (CVE-2024-42460)\n* elliptic: nodejs/elliptic: From NVD collector (CVE-2024-42461)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:6210",
"url": "https://access.redhat.com/errata/RHSA-2024:6210"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "OSSM-6766",
"url": "https://issues.redhat.com/browse/OSSM-6766"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6210.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.4 security update",
"tracking": {
"current_release_date": "2024-11-06T08:13:15+00:00",
"generator": {
"date": "2024-11-06T08:13:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2024:6210",
"initial_release_date": "2024-09-03T10:05:02+00:00",
"revision_history": [
{
"date": "2024-09-03T10:05:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-09-03T10:05:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-06T08:13:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.5 for RHEL 8",
"product": {
"name": "RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.5::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"product": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.73.13-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.5.4-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.5.4-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.73.14-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.5.4-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.5.4-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.5.4-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.5.4-3"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"product": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.73.13-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.5.4-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.5.4-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.73.14-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.5.4-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.5.4-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.5.4-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.5.4-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"product": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.73.13-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.5.4-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.5.4-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.73.14-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.5.4-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.5.4-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.5.4-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.5.4-3"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"product_id": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8\u0026tag=1.73.13-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.5.4-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.5.4-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.73.14-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.5.4-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.5.4-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.5.4-2"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.5.4-3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64 as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64 as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64 as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64 as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64 as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64 as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64 as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64"
},
"product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x"
},
"product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64 as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64"
},
"product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64 as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64 as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64 as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64 as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64 as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64 as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64 as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64 as a component of RHOSSM 2.5 for RHEL 8",
"product_id": "8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-39338",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-08-13T17:21:32.774718+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2304369"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: axios: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-39338"
},
{
"category": "external",
"summary": "RHBZ#2304369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases",
"url": "https://github.com/axios/axios/releases"
},
{
"category": "external",
"summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html",
"url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
}
],
"release_date": "2024-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:05:02+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6210"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: axios: Server-Side Request Forgery"
},
{
"cve": "CVE-2024-42459",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2024-08-02T07:20:12+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302458"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the NodeJS Elliptic package. When creating EDDSA signatures, the Elliptic package doesn\u0027t properly check the signature length, allowing zeros to be added or removed from the signature without invalidating it, which may result in confidentiality issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elliptic: nodejs/elliptic: EDDSA signature malleability due to missing signature length check",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-42459"
},
{
"category": "external",
"summary": "RHBZ#2302458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-42459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-42459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42459"
},
{
"category": "external",
"summary": "https://github.com/indutny/elliptic/pull/317",
"url": "https://github.com/indutny/elliptic/pull/317"
}
],
"release_date": "2024-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:05:02+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6210"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "elliptic: nodejs/elliptic: EDDSA signature malleability due to missing signature length check"
},
{
"cve": "CVE-2024-42460",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2024-08-02T07:20:14+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302459"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Elliptic NodeJS package where it fails to properly verify the leading bit for the R and S values used in the ECDSA signature. This issue may lead to a scenario where an attacker can modify the signature without the Elliptic library being able to properly reject it, causing data confidentiality issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elliptic: nodejs/elliptic: ECDSA signature malleability due to missing checks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-42460"
},
{
"category": "external",
"summary": "RHBZ#2302459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302459"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-42460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-42460",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42460"
},
{
"category": "external",
"summary": "https://github.com/indutny/elliptic/pull/317",
"url": "https://github.com/indutny/elliptic/pull/317"
}
],
"release_date": "2024-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:05:02+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6210"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "elliptic: nodejs/elliptic: ECDSA signature malleability due to missing checks"
},
{
"cve": "CVE-2024-42461",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2024-08-02T07:20:17+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302460"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Elliptic package for Node.js. ECDSA signatures encoded in BER format are improperly validated, allowing leading zeros to be added to the signature without invalidating it, resulting in confidentiality issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elliptic: nodejs/elliptic: ECDSA implementation malleability due to BER-enconded signatures being allowed",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-42461"
},
{
"category": "external",
"summary": "RHBZ#2302460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-42461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-42461",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42461"
},
{
"category": "external",
"summary": "https://github.com/indutny/elliptic/pull/317",
"url": "https://github.com/indutny/elliptic/pull/317"
}
],
"release_date": "2024-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:05:02+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6210"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:0e5a5f9e98b1181a4624abaeae779a52a9f23b885bf5c49b501cb89b47ea57e8_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:650a7a328845a5614844e5121d3fb643860f851985c263759d8b3fc4d3837fed_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:880dc5db1971ed397af223519a8a43b513dbba90eae5fd09f173b0051f159c22_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/grafana-rhel8@sha256:a64c67b2bb9cddc99836dd93c169043b3ee048cfca7d7ad4ec28fada75c3240a_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:30451a29ff2f14bf8c4f210ebf000679ce0ffa4af5fb6d7e931402ca4c0698f6_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:3c32da67d342a74b171f28049ff997014ed7ba4a9a63bcddf1bcd4761df91d6d_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:4de88f118f7f0f9c82dedb534d2201a969a6eb7129862fbe99d977619346a91e_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-cni-rhel8@sha256:7e8ec2e701f32afd8502a40809cf7d707679cfc7bced4b7545d4c828617809ba_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:10a472f7556e95753ed1ed78e68107539a4fa21edd99c5c971442ad9f8ea6160_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:2fa038769856650e23d56871f3b9746f82f7b1d0ae20287779e4d8c895642212_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:95a0d1e8765e6e983635c0ed5e7ba7c5ce8deaa3f702d41557b7cce20755f997_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/istio-must-gather-rhel8@sha256:fcceb12b4878f180a9e4263c22e04a3b048a88951b9b4dbf735dc59bbe92cedc_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:55220093363a18cdb2da2183df4c645831c20a070fae3ffa8ddb163cd1a0dd1c_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:9e39df1296cd22c9ee4c9fe291bd8d2555466d212a32047b3f6c64ca993563f0_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:ce777a4c38bef7988300446caaea03e9eef9ea6e5260a9558e09af81a9b866b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-ossmc-rhel8@sha256:e12ca81c2bf4f7d29444833e92a06eec5da433e931803e89c5315fa61afa0f04_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:68588cd4073be83b9e42fbde29656bbb9e007b53c47d1b943d19aebe624e61c1_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:8a1dbff7cea816ea96546e6d1647b5ab439c85ec2a76c3d74dadb462da71000f_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:c07e3a2ac395e06468105553dce097334f262c3f94d96cafc500660ed29eb91d_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/kiali-rhel8@sha256:e2be27500e84f830a79c1a8f141d9efb33bd02464239e5611b6e1aafa82af302_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:0ffb28605471f52ffb11c090e3ac49c58ee96a6dc4fe13d851ee8a647e413f15_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:28dd159630562c2cf106fd9c90ee2f0eb6c27eb20f44a0ad89aa62df28ba5686_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:4346d91114d23b5e794c67fff10560730b51a38376cdbae0787c4d9cde7a419a_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/pilot-rhel8@sha256:977f445a5a4e5cab65df2ea078ff36b58c25198ee914e5aa7e91533e1d9b7cb5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:30735e400419bb8c08bfcdc302d3ab97786e7825e89f604e3f6a1f42d727e3ca_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:99cdf691126ba1bd8c3f0279a95dda1c8c76fe257a72f59a479a926a0ac7eba5_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:cbf2da4bfb39ff37c0028bbcae621b5e8e37e32f8b7c622139fbce3f1cc0f8de_arm64",
"8Base-RHOSSM-2.5:openshift-service-mesh/proxyv2-rhel8@sha256:f4ae7819aab6a853500b54577955ec9433280b1d839b145971a3a1764a59b52c_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:1b33e9cab1b582ad850c95a008c23065a917a53b82d540680884da19e12b99b2_amd64",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:5960f10bd4d8367edaa123af5adc2186408c21cdf547ce623796a41647269590_s390x",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:9df5c5f0b8760d015216140a11ca25cb36dd77a51d8a1804670f942cf5372803_ppc64le",
"8Base-RHOSSM-2.5:openshift-service-mesh/ratelimit-rhel8@sha256:fcaf1df1c9c3b91a3a8342fb1ee44f1928f4d5adc168435dafb72c0ab0a7e124_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "elliptic: nodejs/elliptic: ECDSA implementation malleability due to BER-enconded signatures being allowed"
}
]
}
rhsa-2024_8023
Vulnerability from csaf_redhat
Published
2024-10-14 00:59
Modified
2024-11-08 20:25
Summary
Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.34.0 security update & enhancements
Notes
Topic
Release of OpenShift Serverless Logic 1.34.0
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release includes security, bug fixes, and enhancements.
Security Fix(es):
* axios: axios: Server-Side Request Forgery (CVE-2024-39338)
* express: Improper Input Handling in Express Redirects (CVE-2024-43796)
* io.vertx/vertx-grpc-client: Vertx gRPC server does not limit the maximum message size (CVE-2024-8391)
* io.vertx/vertx-grpc-server: Vertx gRPC server does not limit the maximum message size (CVE-2024-8391)
* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)
* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)
* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)
For more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Release of OpenShift Serverless Logic 1.34.0\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release includes security, bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n* axios: axios: Server-Side Request Forgery (CVE-2024-39338)\n\n* express: Improper Input Handling in Express Redirects (CVE-2024-43796)\n\n* io.vertx/vertx-grpc-client: Vertx gRPC server does not limit the maximum message size (CVE-2024-8391)\n\n* io.vertx/vertx-grpc-server: Vertx gRPC server does not limit the maximum message size (CVE-2024-8391)\n\n* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)\n\n* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)\n\n* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8023",
"url": "https://access.redhat.com/errata/RHSA-2024:8023"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2308193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193"
},
{
"category": "external",
"summary": "2309758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309758"
},
{
"category": "external",
"summary": "2311152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
},
{
"category": "external",
"summary": "2311153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
},
{
"category": "external",
"summary": "2311154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8023.json"
}
],
"title": "Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.34.0 security update \u0026 enhancements",
"tracking": {
"current_release_date": "2024-11-08T20:25:23+00:00",
"generator": {
"date": "2024-11-08T20:25:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2024:8023",
"initial_release_date": "2024-10-14T00:59:58+00:00",
"revision_history": [
{
"date": "2024-10-14T00:59:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-14T00:59:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-08T20:25:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-Openshift-Serverless-1.34",
"product": {
"name": "8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_serverless:1.34::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Serverless"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"product": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.34.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"product": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.34.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.34.0-5"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.34.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"product": {
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"product_id": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8\u0026tag=1.34.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"product": {
"name": "openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"product_id": "openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-management-console-rhel8\u0026tag=1.34.0-5"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"product": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"product_id": "openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.34.0-5"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"product": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.34.0-5"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"product": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.34.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"product": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.34.0-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"product": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.34.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"product": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.34.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.34.0-5"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.34.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"product": {
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"product_id": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8\u0026tag=1.34.0-2"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"product": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"product_id": "openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.34.0-5"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"product": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.34.0-5"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"product": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.34.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64",
"product": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64",
"product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.34.0-6"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.34.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.34.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.34.0-5"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.34.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"product_id": "openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.34.0-5"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.34.0-5"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.34.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.34.0-6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64"
},
"product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64"
},
"product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64"
},
"product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64"
},
"product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64"
},
"product_reference": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64"
},
"product_reference": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64"
},
"product_reference": "openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64"
},
"product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64"
},
"product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64"
},
"product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64"
},
"product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64"
},
"product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64"
},
"product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64"
},
"product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.34"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64 as a component of 8Base-Openshift-Serverless-1.34",
"product_id": "8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
},
"product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.34"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-8391",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-09-04T16:20:44.762419+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2309758"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the gRPC server in Eclipse Vert.x, which does not limit the maximum length of the message payload. This may lead to excessive memory consumption in a server or a client, causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx:vertx-grpc-client: io.vertx:vertx-grpc-server: Vertx gRPC server does not limit the maximum message size",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-8391"
},
{
"category": "external",
"summary": "RHBZ#2309758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309758"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8391"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8391",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8391"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vertx-grpc/issues/113",
"url": "https://github.com/eclipse-vertx/vertx-grpc/issues/113"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/31",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/31"
}
],
"release_date": "2024-09-04T16:15:09.253000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-14T00:59:58+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8023"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx:vertx-grpc-client: io.vertx:vertx-grpc-server: Vertx gRPC server does not limit the maximum message size"
},
{
"cve": "CVE-2024-39338",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-08-13T17:21:32.774718+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2304369"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: axios: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-39338"
},
{
"category": "external",
"summary": "RHBZ#2304369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases",
"url": "https://github.com/axios/axios/releases"
},
{
"category": "external",
"summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html",
"url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
}
],
"release_date": "2024-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-14T00:59:58+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8023"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: axios: Server-Side Request Forgery"
},
{
"cve": "CVE-2024-43788",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-08-27T17:20:06.890123+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2308193"
}
],
"notes": [
{
"category": "description",
"text": "A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this issue is classified as moderate rather than important due to the specific conditions required for exploitation. DOM Clobbering, while serious, can only be leveraged in environments where an attacker has the ability to inject unsanitized HTML attributes (e.g., `name` or `id`) into a web page. This limits the attack surface to applications that improperly sanitize user input and rely on Webpack-generated files. Furthermore, the exploitation depends on existing vulnerabilities in the sanitization process, rather than the direct execution of arbitrary scripts. As a result, while the issue can lead to XSS, its impact is constrained by the contextual requirement of HTML injection, lowering its overall severity compared to more direct XSS vectors.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43788"
},
{
"category": "external",
"summary": "RHBZ#2308193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61",
"url": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
"url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986"
},
{
"category": "external",
"summary": "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
"url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering"
},
{
"category": "external",
"summary": "https://scnps.co/papers/sp23_domclob.pdf",
"url": "https://scnps.co/papers/sp23_domclob.pdf"
}
],
"release_date": "2024-08-27T17:15:07.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-14T00:59:58+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8023"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule"
},
{
"cve": "CVE-2024-43796",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:28.106254+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311152"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: Improper Input Handling in Express Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43796"
},
{
"category": "external",
"summary": "RHBZ#2311152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553",
"url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx",
"url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx"
}
],
"release_date": "2024-09-10T15:15:17.510000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-14T00:59:58+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8023"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: Improper Input Handling in Express Redirects"
},
{
"cve": "CVE-2024-43799",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:30.869487+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311153"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "send: Code Execution Vulnerability in Send Library",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43799"
},
{
"category": "external",
"summary": "RHBZ#2311153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35",
"url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg",
"url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg"
}
],
"release_date": "2024-09-10T15:15:17.727000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-14T00:59:58+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8023"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "send: Code Execution Vulnerability in Send Library"
},
{
"cve": "CVE-2024-43800",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:33.631718+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "serve-static: Improper Sanitization in serve-static",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43800"
},
{
"category": "external",
"summary": "RHBZ#2311154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b",
"url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa",
"url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p",
"url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p"
}
],
"release_date": "2024-09-10T15:15:17.937000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-14T00:59:58+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8023"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:94ce5f16f364c6bf82c2aa19fcca31252c0d2f49478b8f85509db11744319eb2_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:ad91aeedfc1a9b9bfdbd12a3c677e1c48105390bff94a7cf979f0819f62a6054_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:e8835e2bc0797b374b3df1954a641548e3b68ae87e9e361af958510d8a53cb03_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:2d2df1b94c764a5c7ad3a4e6f1815c5a6aca97bb18a7af8f131847ee8ef72da7_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:64e31d00bfe2b447a7453f65ef623438c9f639aec6b080d2800734e30ba3dc03_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:8a426b45b19ff2e4e60fc8549867bb197d40facc2fb2bf9bb18602b25eaaec64_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:85869a28f42e085162ef2fb923a82f5eb98aeb814917b3bcbaaaf9f0f5b618b6_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:8ae440545e8279872ef9bc067759058e0e1fdb1ddd3ddc65256ee6168d8387b1_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:c4eaadd36a466917c4892973880b1a0bd0f9f8f3ee6ead074005181a4d10829a_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:0a59dd2b44a7bfa278b681479adc939cca2f659a0c72f756d20101f8abd31fbe_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:1f9af9106baea114fa4925ad83b4e7a78a5ef18a03ddf5c0e320ec1fcc4a897f_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:c01aa1d30898b14e49d0dcfa17b09a47af8be48060ac4c5c7d5c9aaabf02534b_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:600ec68c5a02591b7e91e7d68624780b64d93ec38df96e7b0ec7585860553c47_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:787b96f329f6eaa2d7090c6cc9564ef074ecc17dcd4edde245fd6e2c17706fd1_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-management-console-rhel8@sha256:34326328e976b3aeaed0e30aa8c6d5b3e05a3cb61a65f24646c5bedf4254c442_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:65e38cb16fb23ce575e2461ef6a45ed12d7fc506570ff43a6143b31c81d0a4ba_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:92183a5a74862220bf4d2099e4cc7528dcaa460be24ec3e41ad22d94a1305314_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-operator-bundle@sha256:e5e2e0bf4ba63e8c16b711ea23fdf65544f7ed95270828f59020e68351baf766_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:4df659da0c41c40be3baeae236250a210d4e21006fcb3b9e12b6bb033953cc78_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:86085a6e571ebc3fb071823ecf55d84912de3da11a881fc725a47065945bbe28_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-rhel8-operator@sha256:a8a20d7324a8cfc7b7c770e0f2c57586526b96cb53cc4356bf0fa3040a1794fb_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:11820bec2d06cb35ae97955a6ecbb6446dae133b12438387668b56ea9a9cd391_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:173f51cd9894077b1c413b0511583cbfa70972f620e2dde8809dce30c4f274c0_arm64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-builder-rhel8@sha256:3e1171783be9b5d6f673a730a339ea415b0dae44506b682a725889439855c91e_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:73da4612443c573d96937ed8f97f9d2eb4b9fa82a51b2d932b46e8a6b76aac4d_amd64",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:75a5f90c7e4ba64ca4713a0cdd505a4715af9c0ad85a4bb88513b6d9a362ae36_ppc64le",
"8Base-RHOSS-1.34:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c55f775978f92125dac837d72a901d3c2d9bb0b17db5a51ac59127a89d2a5fe9_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "serve-static: Improper Sanitization in serve-static"
}
]
}
rhsa-2024_6667
Vulnerability from csaf_redhat
Published
2024-09-12 21:30
Modified
2024-11-06 06:56
Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release
Notes
Topic
Red Hat OpenShift Dev Spaces 3.16 has been released.
All containers have been updated to include feature enhancements, bug fixes and CVE fixes.
Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.
Details
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.16 release is based on Eclipse Che 7.90 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#crw
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.16 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.16 release is based on Eclipse Che 7.90 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:6667",
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "CRW-6868",
"url": "https://issues.redhat.com/browse/CRW-6868"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6667.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release",
"tracking": {
"current_release_date": "2024-11-06T06:56:37+00:00",
"generator": {
"date": "2024-11-06T06:56:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2024:6667",
"initial_release_date": "2024-09-12T21:30:49+00:00",
"revision_history": [
{
"date": "2024-09-12T21:30:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-09-12T21:30:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-06T06:56:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"product": {
"name": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"product_id": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.16-20"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"product": {
"name": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"product_id": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.16-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"product_id": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.16-27"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"product_id": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.16-67"
}
}
},
{
"category": "product_version",
"name": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"product": {
"name": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"product_id": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"product_identification_helper": {
"purl": "pkg:oci/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/idea-rhel8\u0026tag=3.16-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"product_id": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.16-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"product_id": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.16-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"product_id": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.16-70"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"product_id": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.16-16"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.16-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"product": {
"name": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"product_id": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.16-14"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"product": {
"name": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"product_id": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64",
"product": {
"name": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64",
"product_id": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.16-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"product": {
"name": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"product_id": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.16-20"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"product": {
"name": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"product_id": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.16-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"product_id": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.16-27"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"product_id": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.16-67"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"product_id": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.16-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"product_id": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.16-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"product_id": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.16-70"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"product_id": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.16-16"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.16-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"product": {
"name": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"product_id": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.16-14"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"product": {
"name": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"product_id": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"product": {
"name": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"product_id": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.16-6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"product": {
"name": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"product_id": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.16-20"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"product": {
"name": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"product_id": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.16-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"product_id": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.16-27"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"product_id": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.16-67"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"product_id": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.16-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"product_id": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.16-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"product_id": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.16-70"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"product_id": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.16-16"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.16-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"product": {
"name": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"product_id": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.16-14"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"product": {
"name": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"product_id": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"product": {
"name": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"product_id": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.16-6"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le"
},
"product_reference": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64"
},
"product_reference": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x"
},
"product_reference": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le"
},
"product_reference": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64"
},
"product_reference": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x"
},
"product_reference": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64"
},
"product_reference": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x"
},
"product_reference": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64"
},
"product_reference": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le"
},
"product_reference": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x"
},
"product_reference": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64"
},
"product_reference": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le"
},
"product_reference": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le"
},
"product_reference": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x"
},
"product_reference": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
},
"product_reference": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-0341",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2022-10-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2154086"
}
],
"notes": [
{
"category": "description",
"text": "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "okhttp: information disclosure via improperly used cryptographic function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-0341"
},
{
"category": "external",
"summary": "RHBZ#2154086",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154086"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-0341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0341"
},
{
"category": "external",
"summary": "https://source.android.com/security/bulletin/2021-02-01",
"url": "https://source.android.com/security/bulletin/2021-02-01"
}
],
"release_date": "2021-02-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "okhttp: information disclosure via improperly used cryptographic function"
},
{
"cve": "CVE-2023-3635",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2229295"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SquareUp Okio. A class GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This issue may allow a malicious user to start processing a malformed file, which can result in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "okio: GzipSource class improper exception handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat JBoss Enterprise Application Platform XP does contain Okio package but is not using GzipSource.java, which is the affected class.\nRed Hat support for Spring Boot is considered low impact as it\u0027s used by Dekorate during compilation process and not included in the resulting Jar.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3635"
},
{
"category": "external",
"summary": "RHBZ#2229295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229295"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3635"
}
],
"release_date": "2023-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "okio: GzipSource class improper exception handling"
},
{
"cve": "CVE-2024-6345",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2024-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2297771"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack does not include setuptools. The ImcSdk component uses it only during compile time in our build systems, and we do not support recompiling SRPMs. As a result, Red Hat OpenStack is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "RHBZ#2297771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0",
"url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5",
"url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5"
}
],
"release_date": "2024-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools"
},
{
"cve": "CVE-2024-22234",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2024-02-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265172"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and have a null authentication parameter passed to it, resulting in an erroneous true return value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as a Moderate impact since it requires the malicious user to have knowledge of how a server implements the authentication resolver from Spring Security. A validation is also suggested to make sure there are no null parameters and no erroneous true is triggered from this method.\n\nAn application is not vulnerable if any of the following are true:\n- The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly\n- The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated\n- The application only uses isFullyAuthenticated via Method Security or HTTP Request Security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22234"
},
{
"category": "external",
"summary": "RHBZ#2265172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2024-22234",
"url": "https://spring.io/security/cve-2024-22234"
}
],
"release_date": "2024-02-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "workaround",
"details": "Make sure the application is not vulnerable according to the description bullet points mentioned in this page.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated"
},
{
"cve": "CVE-2024-30260",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-04-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2273522"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the nodejs-undici package. Proxy-Authorization headers are not cleared on cross-origin redirects, which can allow for the exposure of sensitive data or allow an attacker to capture the persistent proxy-authentication header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30260"
},
{
"category": "external",
"summary": "RHBZ#2273522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30260"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30260",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30260"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline"
},
{
"cve": "CVE-2024-30261",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2024-04-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2273519"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the nodejs-undici package. This issue may allow an attacker to alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered with.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30261"
},
{
"category": "external",
"summary": "RHBZ#2273519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30261"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30261",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30261"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect"
},
{
"cve": "CVE-2024-39338",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-08-13T17:21:32.774718+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2304369"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: axios: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-39338"
},
{
"category": "external",
"summary": "RHBZ#2304369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases",
"url": "https://github.com/axios/axios/releases"
},
{
"category": "external",
"summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html",
"url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
}
],
"release_date": "2024-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-12T21:30:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6667"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: axios: Server-Side Request Forgery"
}
]
}
ghsa-8hc4-vh64-cxmj
Vulnerability from github
Published
2024-08-12 15:30
Modified
2024-08-13 19:53
Summary
Server-Side Request Forgery in axios
Details
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.7.3"
},
"package": {
"ecosystem": "npm",
"name": "axios"
},
"ranges": [
{
"events": [
{
"introduced": "1.3.2"
},
{
"fixed": "1.7.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-39338"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-12T17:26:43Z",
"nvd_published_at": "2024-08-12T13:38:24Z",
"severity": "HIGH"
},
"details": "axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.",
"id": "GHSA-8hc4-vh64-cxmj",
"modified": "2024-08-13T19:53:23Z",
"published": "2024-08-12T15:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/issues/6463"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/pull/6539"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/pull/6543"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a"
},
{
"type": "PACKAGE",
"url": "https://github.com/axios/axios"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/releases"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/releases/tag/v1.7.4"
},
{
"type": "WEB",
"url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Server-Side Request Forgery in axios"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.