Action not permitted
Modal body text goes here.
cve-2024-45801
Vulnerability from cvelistv5
Published
2024-09-16 18:25
Modified
2024-09-16 20:04
Severity ?
EPSS score ?
Summary
Tampering by prototype polution in DOMPurify
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45801", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T20:04:30.471934Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T20:04:47.181Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "DOMPurify", "vendor": "cure53", "versions": [ { "status": "affected", "version": "\u003c 2.5.4" }, { "status": "affected", "version": "\u003e=3.0.0, \u003c 3.1.3" } ] } ], "descriptions": [ { "lang": "en", "value": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1333", "description": "CWE-1333: Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T18:25:28.065Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674" }, { "name": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21" }, { "name": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc" } ], "source": { "advisory": "GHSA-mmhx-hmjr-r674", "discovery": "UNKNOWN" }, "title": "Tampering by prototype polution in DOMPurify" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-45801", "datePublished": "2024-09-16T18:25:28.065Z", "dateReserved": "2024-09-09T14:23:07.503Z", "dateUpdated": "2024-09-16T20:04:47.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-45801\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-09-16T19:16:11.080\",\"lastModified\":\"2024-09-20T12:31:20.110\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability.\"},{\"lang\":\"es\",\"value\":\"DOMPurify es un desinfectante XSS ultrarr\u00e1pido, ultratolerante y exclusivo de DOM para HTML, MathML y SVG. Se ha descubierto que el HTML malicioso que utiliza t\u00e9cnicas de anidaci\u00f3n especiales puede eludir la comprobaci\u00f3n de profundidad agregada a DOMPurify en versiones recientes. Tambi\u00e9n fue posible utilizar Prototype Pollution para debilitar la comprobaci\u00f3n de profundidad. Esto hace que dompurify no pueda evitar los ataques de cross site scripting (XSS). Este problema se ha solucionado en las versiones 2.5.4 y 3.1.3 de DOMPurify. Se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]}],\"references\":[{\"url\":\"https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674\",\"source\":\"security-advisories@github.com\"}]}}" } }
ghsa-mmhx-hmjr-r674
Vulnerability from github
Published
2024-09-16 20:34
Modified
2024-09-16 22:37
Severity ?
7.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
8.3 (High) - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
8.3 (High) - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
Summary
DOMPurify allows tampering by prototype pollution
Details
It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check.
This renders dompurify unable to avoid XSS attack.
Fixed by https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21 (3.x branch) and https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc (2.x branch).
{ "affected": [ { "package": { "ecosystem": "npm", "name": "dompurify" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.5.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "npm", "name": "dompurify" }, "ranges": [ { "events": [ { "introduced": "3.0.0" }, { "fixed": "3.1.3" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-45801" ], "database_specific": { "cwe_ids": [ "CWE-1321", "CWE-1333" ], "github_reviewed": true, "github_reviewed_at": "2024-09-16T20:34:26Z", "nvd_published_at": "2024-09-16T19:16:11Z", "severity": "HIGH" }, "details": "It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check.\n\nThis renders dompurify unable to avoid XSS attack.\n\nFixed by https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21 (3.x branch) and https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc (2.x branch).", "id": "GHSA-mmhx-hmjr-r674", "modified": "2024-09-16T22:37:33Z", "published": "2024-09-16T20:34:26Z", "references": [ { "type": "WEB", "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801" }, { "type": "WEB", "url": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21" }, { "type": "WEB", "url": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc" }, { "type": "PACKAGE", "url": "https://github.com/cure53/DOMPurify" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "type": "CVSS_V3" }, { "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N", "type": "CVSS_V4" } ], "summary": "DOMPurify allows tampering by prototype pollution" }
rhsa-2024_8014
Vulnerability from csaf_redhat
Published
2024-10-22 01:05
Modified
2024-11-08 20:38
Summary
Red Hat Security Advisory: Network Observability 1.7.0 for OpenShift
Notes
Topic
Network Observability 1.7 for Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Network Observability 1.7.0
Security Fix(es):
* Network Observability: Code Execution Vulnerability in Send Library (CVE-2024-43799)
* Network Observability: XSS vulnerability via prototype pollution (CVE-2024-45801)
* Network Observability: axios: Server-Side Request Forgery (CVE-2024-39338)
* Network Observability: Denial of Service Vulnerability in body-parser (CVE-2024-45590)
* Network Observability: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)
* Network Observability: Backtracking regular expressions cause ReDoS (CVE-2024-45296)
* Network Observability: Improper Input Handling in Express Redirects (CVE-2024-43796)
* Network Observability: Improper Sanitization in serve-static (CVE-2024-43800)
* Network Observability: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)
* Network Observability: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)
* Network Observability: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Network Observability 1.7 for Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Network Observability 1.7.0\n\nSecurity Fix(es):\n\n* Network Observability: Code Execution Vulnerability in Send Library (CVE-2024-43799)\n* Network Observability: XSS vulnerability via prototype pollution (CVE-2024-45801)\n* Network Observability: axios: Server-Side Request Forgery (CVE-2024-39338)\n* Network Observability: Denial of Service Vulnerability in body-parser (CVE-2024-45590)\n* Network Observability: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)\n* Network Observability: Backtracking regular expressions cause ReDoS (CVE-2024-45296)\n* Network Observability: Improper Input Handling in Express Redirects (CVE-2024-43796)\n* Network Observability: Improper Sanitization in serve-static (CVE-2024-43800)\n* Network Observability: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)\n* Network Observability: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)\n* Network Observability: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:8014", "url": "https://access.redhat.com/errata/RHSA-2024:8014" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2308193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193" }, { "category": "external", "summary": "2310527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310527" }, { "category": "external", "summary": "2310528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528" }, { "category": "external", "summary": "2310529", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310529" }, { "category": "external", "summary": "2310908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908" }, { "category": "external", "summary": "2311152", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152" }, { "category": "external", "summary": "2311153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153" }, { "category": "external", "summary": "2311154", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154" }, { "category": "external", "summary": "2311171", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171" }, { "category": "external", "summary": "2312631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312631" }, { "category": "external", "summary": "NETOBSERV-1377", "url": "https://issues.redhat.com/browse/NETOBSERV-1377" }, { "category": "external", "summary": "NETOBSERV-1509", "url": "https://issues.redhat.com/browse/NETOBSERV-1509" }, { "category": "external", "summary": "NETOBSERV-1538", "url": "https://issues.redhat.com/browse/NETOBSERV-1538" }, { "category": "external", "summary": "NETOBSERV-1540", "url": "https://issues.redhat.com/browse/NETOBSERV-1540" }, { "category": "external", "summary": "NETOBSERV-1564", "url": "https://issues.redhat.com/browse/NETOBSERV-1564" }, { "category": "external", "summary": "NETOBSERV-163", "url": "https://issues.redhat.com/browse/NETOBSERV-163" }, { "category": "external", "summary": "NETOBSERV-1666", "url": "https://issues.redhat.com/browse/NETOBSERV-1666" }, { "category": "external", "summary": "NETOBSERV-1667", "url": "https://issues.redhat.com/browse/NETOBSERV-1667" }, { "category": "external", "summary": "NETOBSERV-1733", "url": "https://issues.redhat.com/browse/NETOBSERV-1733" }, { "category": "external", "summary": "NETOBSERV-1746", "url": "https://issues.redhat.com/browse/NETOBSERV-1746" }, { "category": "external", "summary": "NETOBSERV-1748", "url": "https://issues.redhat.com/browse/NETOBSERV-1748" }, { "category": "external", "summary": "NETOBSERV-1753", "url": "https://issues.redhat.com/browse/NETOBSERV-1753" }, { "category": "external", "summary": "NETOBSERV-1766", "url": "https://issues.redhat.com/browse/NETOBSERV-1766" }, { "category": "external", "summary": "NETOBSERV-1779", "url": "https://issues.redhat.com/browse/NETOBSERV-1779" }, { "category": "external", "summary": "NETOBSERV-1783", "url": "https://issues.redhat.com/browse/NETOBSERV-1783" }, { "category": "external", "summary": "NETOBSERV-1788", "url": "https://issues.redhat.com/browse/NETOBSERV-1788" }, { "category": "external", "summary": "NETOBSERV-1798", "url": "https://issues.redhat.com/browse/NETOBSERV-1798" }, { "category": "external", "summary": "NETOBSERV-1805", "url": "https://issues.redhat.com/browse/NETOBSERV-1805" }, { "category": "external", "summary": "NETOBSERV-1806", "url": "https://issues.redhat.com/browse/NETOBSERV-1806" }, { "category": "external", "summary": "NETOBSERV-1808", "url": "https://issues.redhat.com/browse/NETOBSERV-1808" }, { "category": "external", "summary": "NETOBSERV-1811", "url": "https://issues.redhat.com/browse/NETOBSERV-1811" }, { "category": "external", "summary": "NETOBSERV-1812", "url": "https://issues.redhat.com/browse/NETOBSERV-1812" }, { "category": "external", "summary": "NETOBSERV-1813", "url": "https://issues.redhat.com/browse/NETOBSERV-1813" }, { "category": "external", "summary": "NETOBSERV-1816", "url": "https://issues.redhat.com/browse/NETOBSERV-1816" }, { "category": "external", "summary": "NETOBSERV-1819", "url": "https://issues.redhat.com/browse/NETOBSERV-1819" }, { "category": "external", "summary": "NETOBSERV-1848", "url": "https://issues.redhat.com/browse/NETOBSERV-1848" }, { "category": "external", "summary": "NETOBSERV-1884", "url": "https://issues.redhat.com/browse/NETOBSERV-1884" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8014.json" } ], "title": "Red Hat Security Advisory: Network Observability 1.7.0 for OpenShift", "tracking": { "current_release_date": "2024-11-08T20:38:25+00:00", "generator": { "date": "2024-11-08T20:38:25+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:8014", "initial_release_date": "2024-10-22T01:05:39+00:00", "revision_history": [ { "date": "2024-10-22T01:05:39+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-10-22T01:05:39+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-08T20:38:25+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "NETOBSERV 1.7 for RHEL 9", "product": { "name": "NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_observ_optr:1.7.0::el9" } } } ], "category": "product_family", "name": "Network Observability" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "product": { "name": "network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "product_id": "network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.7.0-67" } } }, { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.7.0-67" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.7.0-67" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.7.0-67" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "product_id": "network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.7.0-86" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "product_id": "network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.7.0-67" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "product": { "name": "network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "product_id": "network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.7.0-67" } } }, { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.7.0-67" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.7.0-67" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.7.0-67" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "product_id": "network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.7.0-86" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le", "product_id": "network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.7.0-67" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "product": { "name": "network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "product_id": "network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.7.0-67" } } }, { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.7.0-67" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.7.0-67" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.7.0-67" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "product_id": "network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.7.0-86" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "product_id": "network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.7.0-67" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "product": { "name": "network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "product_id": "network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.7.0-67" } } }, { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.7.0-67" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.7.0-67" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.7.0-67" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "product_id": "network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.7.0-86" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "product_id": "network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.7.0-67" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le" }, "product_reference": "network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64 as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64" }, "product_reference": "network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x" }, "product_reference": "network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64 as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64" }, "product_reference": "network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64 as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64 as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64 as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64 as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64 as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64 as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64 as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64 as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64 as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64 as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le as a component of NETOBSERV 1.7 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-34155", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2024-09-06T21:20:06.929766+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310527" } ], "notes": [ { "category": "description", "text": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "title": "Vulnerability description" }, { "category": "summary", "text": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34155" }, { "category": "external", "summary": "RHBZ#2310527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34155", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155" }, { "category": "external", "summary": "https://go.dev/cl/611238", "url": "https://go.dev/cl/611238" }, { "category": "external", "summary": "https://go.dev/issue/69138", "url": "https://go.dev/issue/69138" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-3105", "url": "https://pkg.go.dev/vuln/GO-2024-3105" } ], "release_date": "2024-09-06T21:15:11.947000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-22T01:05:39+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8014" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion" }, { "cve": "CVE-2024-34156", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2024-09-06T21:20:09.377905+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310528" } ], "notes": [ { "category": "description", "text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "title": "Vulnerability description" }, { "category": "summary", "text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34156" }, { "category": "external", "summary": "RHBZ#2310528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156" }, { "category": "external", "summary": "https://go.dev/cl/611239", "url": "https://go.dev/cl/611239" }, { "category": "external", "summary": "https://go.dev/issue/69139", "url": "https://go.dev/issue/69139" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-3106", "url": "https://pkg.go.dev/vuln/GO-2024-3106" } ], "release_date": "2024-09-06T21:15:12.020000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-22T01:05:39+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8014" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion" }, { "cve": "CVE-2024-34158", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2024-09-06T21:20:12.126400+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310529" } ], "notes": [ { "category": "description", "text": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "title": "Vulnerability description" }, { "category": "summary", "text": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-34158" }, { "category": "external", "summary": "RHBZ#2310529", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310529" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34158", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34158" }, { "category": "external", "summary": "https://go.dev/cl/611240", "url": "https://go.dev/cl/611240" }, { "category": "external", "summary": "https://go.dev/issue/69141", "url": "https://go.dev/issue/69141" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-3107", "url": "https://pkg.go.dev/vuln/GO-2024-3107" } ], "release_date": "2024-09-06T21:15:12.083000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-22T01:05:39+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8014" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion" }, { "cve": "CVE-2024-39338", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2024-08-13T17:21:32.774718+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2304369" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.", "title": "Vulnerability description" }, { "category": "summary", "text": "axios: axios: Server-Side Request Forgery", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-39338" }, { "category": "external", "summary": "RHBZ#2304369", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338" }, { "category": "external", "summary": "https://github.com/axios/axios/releases", "url": "https://github.com/axios/axios/releases" }, { "category": "external", "summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", "url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html" } ], "release_date": "2024-08-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-22T01:05:39+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8014" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "axios: axios: Server-Side Request Forgery" }, { "cve": "CVE-2024-43788", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-08-27T17:20:06.890123+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2308193" } ], "notes": [ { "category": "description", "text": "A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.", "title": "Vulnerability description" }, { "category": "summary", "text": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule", "title": "Vulnerability summary" }, { "category": "other", "text": "The severity of this issue is classified as moderate rather than important due to the specific conditions required for exploitation. DOM Clobbering, while serious, can only be leveraged in environments where an attacker has the ability to inject unsanitized HTML attributes (e.g., `name` or `id`) into a web page. This limits the attack surface to applications that improperly sanitize user input and rely on Webpack-generated files. Furthermore, the exploitation depends on existing vulnerabilities in the sanitization process, rather than the direct execution of arbitrary scripts. As a result, while the issue can lead to XSS, its impact is constrained by the contextual requirement of HTML injection, lowering its overall severity compared to more direct XSS vectors.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-43788" }, { "category": "external", "summary": "RHBZ#2308193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43788", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788" }, { "category": "external", "summary": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61", "url": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61" }, { "category": "external", "summary": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", "url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986" }, { "category": "external", "summary": "https://research.securitum.com/xss-in-amp4email-dom-clobbering", "url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering" }, { "category": "external", "summary": "https://scnps.co/papers/sp23_domclob.pdf", "url": "https://scnps.co/papers/sp23_domclob.pdf" } ], "release_date": "2024-08-27T17:15:07.967000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-22T01:05:39+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8014" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule" }, { "cve": "CVE-2024-43796", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-09-10T15:30:28.106254+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2311152" } ], "notes": [ { "category": "description", "text": "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: Improper Input Handling in Express Redirects", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-43796" }, { "category": "external", "summary": "RHBZ#2311152", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43796", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796" }, { "category": "external", "summary": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", "url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553" }, { "category": "external", "summary": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", "url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx" } ], "release_date": "2024-09-10T15:15:17.510000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-22T01:05:39+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8014" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "express: Improper Input Handling in Express Redirects" }, { "cve": "CVE-2024-43799", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-09-10T15:30:30.869487+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2311153" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.", "title": "Vulnerability description" }, { "category": "summary", "text": "send: Code Execution Vulnerability in Send Library", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-43799" }, { "category": "external", "summary": "RHBZ#2311153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43799", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799" }, { "category": "external", "summary": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35", "url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35" }, { "category": "external", "summary": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg", "url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg" } ], "release_date": "2024-09-10T15:15:17.727000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-22T01:05:39+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8014" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "send: Code Execution Vulnerability in Send Library" }, { "cve": "CVE-2024-43800", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-09-10T15:30:33.631718+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2311154" } ], "notes": [ { "category": "description", "text": "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().", "title": "Vulnerability description" }, { "category": "summary", "text": "serve-static: Improper Sanitization in serve-static", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-43800" }, { "category": "external", "summary": "RHBZ#2311154", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43800", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800" }, { "category": "external", "summary": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b", "url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b" }, { "category": "external", "summary": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa", "url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa" }, { "category": "external", "summary": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p", "url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p" } ], "release_date": "2024-09-10T15:15:17.937000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-22T01:05:39+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8014" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "serve-static: Improper Sanitization in serve-static" }, { "cve": "CVE-2024-45296", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-09T19:20:18.127723+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310908" } ], "notes": [ { "category": "description", "text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "path-to-regexp: Backtracking regular expressions cause ReDoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45296" }, { "category": "external", "summary": "RHBZ#2310908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", "url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", "url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j" } ], "release_date": "2024-09-09T19:15:13.330000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-22T01:05:39+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8014" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "path-to-regexp: Backtracking regular expressions cause ReDoS" }, { "cve": "CVE-2024-45590", "cwe": { "id": "CWE-405", "name": "Asymmetric Resource Consumption (Amplification)" }, "discovery_date": "2024-09-10T16:20:29.292154+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2311171" } ], "notes": [ { "category": "description", "text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "body-parser: Denial of Service Vulnerability in body-parser", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45590" }, { "category": "external", "summary": "RHBZ#2311171", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590" }, { "category": "external", "summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", "url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce" }, { "category": "external", "summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", "url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7" } ], "release_date": "2024-09-10T16:15:21.083000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-22T01:05:39+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8014" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "body-parser: Denial of Service Vulnerability in body-parser" }, { "cve": "CVE-2024-45801", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-16T19:20:09.863249+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2312631" } ], "notes": [ { "category": "description", "text": "A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting (XSS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "dompurify: XSS vulnerability via prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in DOMPurify, while significant, is categorized as moderate severity rather than important due to its specific conditions for exploitation. The issue requires not only a sophisticated nesting technique to bypass the depth checks but also the ability to leverage Prototype Pollution to weaken these protections. This makes the attack scenario relatively complex and less likely to be encountered in general use cases. Furthermore, the flaw impacts only certain configurations and usage patterns, thus reducing its immediate risk.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45801" }, { "category": "external", "summary": "RHBZ#2312631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312631" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45801", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21", "url": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc", "url": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674", "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674" } ], "release_date": "2024-09-16T19:16:11.080000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-22T01:05:39+00:00", "details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:8014" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64", "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dompurify: XSS vulnerability via prototype pollution" } ] }
rhsa-2024_7324
Vulnerability from csaf_redhat
Published
2024-10-02 12:03
Modified
2024-11-08 20:23
Summary
Red Hat Security Advisory: Logging for Red Hat OpenShift - 5.9.7
Notes
Topic
Logging for Red Hat OpenShift - 5.9.7
Details
Logging for Red Hat OpenShift - 5.9.7
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Logging for Red Hat OpenShift - 5.9.7", "title": "Topic" }, { "category": "general", "text": "Logging for Red Hat OpenShift - 5.9.7", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:7324", "url": "https://access.redhat.com/errata/RHSA-2024:7324" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "LOG-5950", "url": "https://issues.redhat.com/browse/LOG-5950" }, { "category": "external", "summary": "LOG-6041", "url": "https://issues.redhat.com/browse/LOG-6041" }, { "category": "external", "summary": "LOG-6125", "url": "https://issues.redhat.com/browse/LOG-6125" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7324.json" } ], "title": "Red Hat Security Advisory: Logging for Red Hat OpenShift - 5.9.7", "tracking": { "current_release_date": "2024-11-08T20:23:38+00:00", "generator": { "date": "2024-11-08T20:23:38+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:7324", "initial_release_date": "2024-10-02T12:03:29+00:00", "revision_history": [ { "date": "2024-10-02T12:03:29+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-10-02T12:03:29+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-08T20:23:38+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHOL 5.9 for RHEL 9", "product": { "name": "RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5.9::el9" } } } ], "category": "product_family", "name": "logging for Red Hat OpenShift" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le", "product": { "name": "openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le", "product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.7-6" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le", "product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-282" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le", "product": { "name": "openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le", "product_id": "openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-301" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le", "product": { "name": "openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le", "product_id": "openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.7-3" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le", "product": { "name": "openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le", "product_id": "openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v3.1.1-10" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le", "product": { "name": "openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le", "product_id": "openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le", "product_identification_helper": { "purl": "pkg:oci/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-19" } } }, { "category": "product_version", "name": "openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le", "product": { "name": "openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le", "product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.7-5" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le", "product": { "name": "openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le", "product_id": "openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le", "product_identification_helper": { "purl": "pkg:oci/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.7-7" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le", "product": { "name": "openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le", "product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-653" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le", "product": { "name": "openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le", "product_id": "openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-288" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64", "product": { "name": "openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64", "product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.7-6" } } }, { "category": "product_version", "name": "openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64", "product": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64", "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.9.7-11" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64", "product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-282" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64", "product": { "name": "openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64", "product_id": "openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-301" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64", "product": { "name": "openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64", "product_id": "openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.7-3" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64", "product": { "name": "openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64", "product_id": "openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v3.1.1-10" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64", "product": { "name": "openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64", "product_id": "openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64", "product_identification_helper": { "purl": "pkg:oci/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-19" } } }, { "category": "product_version", "name": "openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64", "product": { "name": "openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64", "product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.7-5" } } }, { "category": "product_version", "name": "openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64", "product": { "name": "openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64", "product_id": "openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64", "product_identification_helper": { "purl": "pkg:oci/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.9.7-16" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64", "product": { "name": "openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64", "product_id": "openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64", "product_identification_helper": { "purl": "pkg:oci/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.7-7" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64", "product": { "name": "openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64", "product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-653" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64", "product": { "name": "openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64", "product_id": "openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-288" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x", "product": { "name": "openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x", "product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.7-6" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x", "product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-282" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x", "product": { "name": "openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x", "product_id": "openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-301" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x", "product": { "name": "openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x", "product_id": "openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.7-3" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x", "product": { "name": "openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x", "product_id": "openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v3.1.1-10" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x", "product": { "name": "openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x", "product_id": "openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x", "product_identification_helper": { "purl": "pkg:oci/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-19" } } }, { "category": "product_version", "name": "openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x", "product": { "name": "openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x", "product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.7-5" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x", "product": { "name": "openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x", "product_id": "openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x", "product_identification_helper": { "purl": "pkg:oci/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.7-7" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x", "product": { "name": "openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x", "product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-653" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x", "product": { "name": "openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x", "product_id": "openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-288" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64", "product": { "name": "openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64", "product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.7-6" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64", "product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-282" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64", "product": { "name": "openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64", "product_id": "openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-301" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64", "product": { "name": "openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64", "product_id": "openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.7-3" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64", "product": { "name": "openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64", "product_id": "openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v3.1.1-10" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64", "product": { "name": "openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64", "product_id": "openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64", "product_identification_helper": { "purl": "pkg:oci/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-19" } } }, { "category": "product_version", "name": "openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64", "product": { "name": "openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64", "product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64", "product_identification_helper": { "purl": "pkg:oci/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.7-5" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64", "product": { "name": "openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64", "product_id": "openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64", "product_identification_helper": { "purl": "pkg:oci/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.7-7" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64", "product": { "name": "openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64", "product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-653" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64", "product": { "name": "openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64", "product_id": "openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-288" } } } ], "category": "architecture", "name": "arm64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64" }, "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64" }, "product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64" }, "product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le" }, "product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x" }, "product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64" }, "product_reference": "openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le" }, "product_reference": "openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64" }, "product_reference": "openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x" }, "product_reference": "openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x" }, "product_reference": "openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64" }, "product_reference": "openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64" }, "product_reference": "openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le" }, "product_reference": "openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le" }, "product_reference": "openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x" }, "product_reference": "openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64" }, "product_reference": "openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64" }, "product_reference": "openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64" }, "product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le" }, "product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x" }, "product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64" }, "product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64" }, "product_reference": "openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64" }, "product_reference": "openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64" }, "product_reference": "openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x" }, "product_reference": "openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le" }, "product_reference": "openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le" }, "product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64" }, "product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x" }, "product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64" }, "product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64" }, "product_reference": "openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64" }, "product_reference": "openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le" }, "product_reference": "openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x" }, "product_reference": "openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64" }, "product_reference": "openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64 as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64" }, "product_reference": "openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le" }, "product_reference": "openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le", "relates_to_product_reference": "9Base-RHOL-5.9" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x as a component of RHOL 5.9 for RHEL 9", "product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x" }, "product_reference": "openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x", "relates_to_product_reference": "9Base-RHOL-5.9" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-6104", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2024-06-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2294000" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.", "title": "Vulnerability description" }, { "category": "summary", "text": "go-retryablehttp: url might write sensitive information to log file", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64", "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-6104" }, { "category": "external", "summary": "RHBZ#2294000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294000" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6104", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6104" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6104", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6104" } ], "release_date": "2024-06-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-02T12:03:29+00:00", "details": "For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html\n\nFor Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html", "product_ids": [ "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64", "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7324" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64", "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64", "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "go-retryablehttp: url might write sensitive information to log file" }, { "cve": "CVE-2024-45296", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-09T19:20:18.127723+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310908" } ], "notes": [ { "category": "description", "text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "path-to-regexp: Backtracking regular expressions cause ReDoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64", "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45296" }, { "category": "external", "summary": "RHBZ#2310908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", "url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", "url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j" } ], "release_date": "2024-09-09T19:15:13.330000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-02T12:03:29+00:00", "details": "For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html\n\nFor Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html", "product_ids": [ "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64", "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7324" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64", "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64", "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "path-to-regexp: Backtracking regular expressions cause ReDoS" }, { "cve": "CVE-2024-45801", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-16T19:20:09.863249+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2312631" } ], "notes": [ { "category": "description", "text": "A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting (XSS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "dompurify: XSS vulnerability via prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in DOMPurify, while significant, is categorized as moderate severity rather than important due to its specific conditions for exploitation. The issue requires not only a sophisticated nesting technique to bypass the depth checks but also the ability to leverage Prototype Pollution to weaken these protections. This makes the attack scenario relatively complex and less likely to be encountered in general use cases. Furthermore, the flaw impacts only certain configurations and usage patterns, thus reducing its immediate risk.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64", "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45801" }, { "category": "external", "summary": "RHBZ#2312631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312631" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45801", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21", "url": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc", "url": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674", "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674" } ], "release_date": "2024-09-16T19:16:11.080000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-02T12:03:29+00:00", "details": "For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html\n\nFor Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html", "product_ids": [ "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64", "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7324" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64", "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1" }, "products": [ "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le", "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64", "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64", "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64", "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64", "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x", "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64", "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x", "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x", "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le", "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le", "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dompurify: XSS vulnerability via prototype pollution" } ] }
rhsa-2024_7706
Vulnerability from csaf_redhat
Published
2024-10-07 01:12
Modified
2024-11-08 20:23
Summary
Red Hat Security Advisory: Red Hat build of Cryostat security update
Notes
Topic
An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.
Security Fix(es):
* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)
* dompurify: XSS vulnerability via prototype pollution (CVE-2024-45801)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.\n\nSecurity Fix(es):\n\n* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)\n* dompurify: XSS vulnerability via prototype pollution (CVE-2024-45801)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:7706", "url": "https://access.redhat.com/errata/RHSA-2024:7706" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2308193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193" }, { "category": "external", "summary": "2312631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312631" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7706.json" } ], "title": "Red Hat Security Advisory: Red Hat build of Cryostat security update", "tracking": { "current_release_date": "2024-11-08T20:23:45+00:00", "generator": { "date": "2024-11-08T20:23:45+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:7706", "initial_release_date": "2024-10-07T01:12:29+00:00", "revision_history": [ { "date": "2024-10-07T01:12:29+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-10-07T01:12:29+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-08T20:23:45+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Cryostat 3 on RHEL 8", "product": { "name": "Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3", "product_identification_helper": { "cpe": "cpe:/a:redhat:cryostat:3::el8" } } } ], "category": "product_family", "name": "Cryostat" }, { "branches": [ { "category": "product_version", "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "product": { "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "product_id": "cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "product_identification_helper": { "purl": "pkg:oci/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-db-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "product": { "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "product_identification_helper": { "purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "product": { "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "product_id": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "product_identification_helper": { "purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "product": { "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "product_identification_helper": { "purl": "pkg:oci/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "product": { "name": "cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "product_identification_helper": { "purl": "pkg:oci/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "product": { "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "product_identification_helper": { "purl": "pkg:oci/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "product": { "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "product_identification_helper": { "purl": "pkg:oci/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "product": { "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "product_id": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "product_identification_helper": { "purl": "pkg:oci/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-storage-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "product": { "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "product_identification_helper": { "purl": "pkg:oci/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=3.0.1-3" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "product": { "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "product_id": "cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "product_identification_helper": { "purl": "pkg:oci/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-db-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "product": { "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "product_identification_helper": { "purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "product": { "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "product_id": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "product_identification_helper": { "purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "product": { "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "product_identification_helper": { "purl": "pkg:oci/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "product": { "name": "cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "product_identification_helper": { "purl": "pkg:oci/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "product": { "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "product_identification_helper": { "purl": "pkg:oci/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "product": { "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "product_identification_helper": { "purl": "pkg:oci/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "product": { "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "product_id": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "product_identification_helper": { "purl": "pkg:oci/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-storage-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64", "product": { "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64", "product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64", "product_identification_helper": { "purl": "pkg:oci/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=3.0.1-3" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64" }, "product_reference": "cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64" }, "product_reference": "cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64" }, "product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64" }, "product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64" }, "product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64" }, "product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64" }, "product_reference": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64" }, "product_reference": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64" }, "product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64" }, "product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64" }, "product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64" }, "product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64" }, "product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64" }, "product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64" }, "product_reference": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64" }, "product_reference": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64" }, "product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" }, "product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64", "relates_to_product_reference": "8Base-Cryostat-3" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-43788", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-08-27T17:20:06.890123+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2308193" } ], "notes": [ { "category": "description", "text": "A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.", "title": "Vulnerability description" }, { "category": "summary", "text": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule", "title": "Vulnerability summary" }, { "category": "other", "text": "The severity of this issue is classified as moderate rather than important due to the specific conditions required for exploitation. DOM Clobbering, while serious, can only be leveraged in environments where an attacker has the ability to inject unsanitized HTML attributes (e.g., `name` or `id`) into a web page. This limits the attack surface to applications that improperly sanitize user input and rely on Webpack-generated files. Furthermore, the exploitation depends on existing vulnerabilities in the sanitization process, rather than the direct execution of arbitrary scripts. As a result, while the issue can lead to XSS, its impact is constrained by the contextual requirement of HTML injection, lowering its overall severity compared to more direct XSS vectors.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-43788" }, { "category": "external", "summary": "RHBZ#2308193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43788", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788" }, { "category": "external", "summary": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61", "url": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61" }, { "category": "external", "summary": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", "url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986" }, { "category": "external", "summary": "https://research.securitum.com/xss-in-amp4email-dom-clobbering", "url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering" }, { "category": "external", "summary": "https://scnps.co/papers/sp23_domclob.pdf", "url": "https://scnps.co/papers/sp23_domclob.pdf" } ], "release_date": "2024-08-27T17:15:07.967000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-07T01:12:29+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7706" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule" }, { "cve": "CVE-2024-45801", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-16T19:20:09.863249+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2312631" } ], "notes": [ { "category": "description", "text": "A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting (XSS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "dompurify: XSS vulnerability via prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in DOMPurify, while significant, is categorized as moderate severity rather than important due to its specific conditions for exploitation. The issue requires not only a sophisticated nesting technique to bypass the depth checks but also the ability to leverage Prototype Pollution to weaken these protections. This makes the attack scenario relatively complex and less likely to be encountered in general use cases. Furthermore, the flaw impacts only certain configurations and usage patterns, thus reducing its immediate risk.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45801" }, { "category": "external", "summary": "RHBZ#2312631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312631" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45801", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21", "url": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc", "url": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674", "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674" } ], "release_date": "2024-09-16T19:16:11.080000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-07T01:12:29+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7706" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1" }, "products": [ "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dompurify: XSS vulnerability via prototype pollution" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.