cve-2024-51744
Vulnerability from cvelistv5
Vendor | Product | Version
---|---|---
golang-jwt | jwt | < 4.5.1
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-51744", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-05T16:11:29.522504Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-05T16:11:42.243Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "jwt", vendor: "golang-jwt", versions: [ { status: "affected", version: "< 4.5.1", }, ], }, ], descriptions: [ { lang: "en", value: "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. 
In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-755", description: "CWE-755: Improper Handling of Exceptional Conditions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T21:47:12.170Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r", }, { name: "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c", tags: [ "x_refsource_MISC", ], url: "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c", }, ], source: { advisory: "GHSA-29wx-vh33-7x7r", discovery: "UNKNOWN", }, title: "Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-51744", datePublished: "2024-11-04T21:47:12.170Z", dateReserved: "2024-10-31T14:12:45.789Z", dateUpdated: "2024-11-05T16:11:42.243Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
suse-su-2024:4042-1
Vulnerability from csaf_suse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for govulncheck-vulndb", title: "Title of the patch", }, { category: "description", text: "This update for govulncheck-vulndb fixes the following issues:\n\n- Update to version 0.0.20241112T145010 2024-11-12T14:50:10Z.\n Refs jsc#PED-11136\n Go CVE Numbering Authority IDs added or updated with aliases:\n * GO-2024-3250 CVE-2024-51744 GHSA-29wx-vh33-7x7r\n\n- Update to version 0.0.20241108T172500 2024-11-08T17:25:00Z.\n Refs jsc#PED-11136\n Go CVE Numbering Authority IDs added or updated with aliases:\n * GO-2024-3260 CVE-2024-45794 GHSA-q78v-cv36-8fxj\n * GO-2024-3262 CVE-2024-10975 GHSA-2w5v-x29g-jw7j\n\n- Update to version 0.0.20241106T172143 2024-11-06T17:21:43Z.\n Refs jsc#PED-11136\n Go CVE Numbering Authority IDs added or updated with aliases:\n * GO-2024-3251 CVE-2024-10389 GHSA-q3rp-vvm7-j8jg\n * GO-2024-3252 CVE-2024-51746 GHSA-8pmp-678w-c8xx\n * GO-2024-3253 CVE-2024-48057 GHSA-ghx4-cgxw-7h9p\n * GO-2024-3254 CVE-2024-51735 GHSA-wvv7-wm5v-w2gv\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2024-4042,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-4042,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4042,openSUSE-SLE-15.5-2024-4042,openSUSE-SLE-15.6-2024-4042", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: 
"external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_4042-1.json", }, { category: "self", summary: "URL for SUSE-SU-2024:4042-1", url: "https://www.suse.com/support/update/announcement/2024/suse-su-20244042-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2024:4042-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019840.html", }, { category: "self", summary: "SUSE CVE CVE-2024-10389 page", url: "https://www.suse.com/security/cve/CVE-2024-10389/", }, { category: "self", summary: "SUSE CVE CVE-2024-10975 page", url: "https://www.suse.com/security/cve/CVE-2024-10975/", }, { category: "self", summary: "SUSE CVE CVE-2024-45794 page", url: "https://www.suse.com/security/cve/CVE-2024-45794/", }, { category: "self", summary: "SUSE CVE CVE-2024-48057 page", url: "https://www.suse.com/security/cve/CVE-2024-48057/", }, { category: "self", summary: "SUSE CVE CVE-2024-51735 page", url: "https://www.suse.com/security/cve/CVE-2024-51735/", }, { category: "self", summary: "SUSE CVE CVE-2024-51744 page", url: "https://www.suse.com/security/cve/CVE-2024-51744/", }, { category: "self", summary: "SUSE CVE CVE-2024-51746 page", url: "https://www.suse.com/security/cve/CVE-2024-51746/", }, ], title: "Security update for govulncheck-vulndb", tracking: { current_release_date: "2024-11-22T10:44:11Z", generator: { date: "2024-11-22T10:44:11Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2024:4042-1", initial_release_date: "2024-11-22T10:44:11Z", revision_history: [ { date: "2024-11-22T10:44:11Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", product: { 
name: "govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", product_id: "govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Package Hub 15 SP5", product: { name: "SUSE Linux Enterprise Module for Package Hub 15 SP5", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:packagehub:15:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Package Hub 15 SP6", product: { name: "SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6", product_identification_helper: { cpe: "cpe:/o:suse:packagehub:15:sp6", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, { category: "product_name", name: "openSUSE Leap 15.6", product: { name: "openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.6", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", }, product_reference: "govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5", }, { category: "default_component_of", full_product_name: { name: "govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch as component of 
SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", }, product_reference: "govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", }, product_reference: "govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", }, product_reference: "govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, ], }, vulnerabilities: [ { cve: "CVE-2024-10389", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-10389", }, ], notes: [ { category: "general", text: "There exists a Path Traversal vulnerability in Safearchive on Platforms with Case-Insensitive Filesystems (e.g., NTFS). This allows Attackers to Write Arbitrary Files via Archive Extraction containing symbolic links. 
We recommend upgrading past commit f7ce9d7b6f9c6ecd72d0b0f16216b046e55e44dc", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-10389", url: "https://www.suse.com/security/cve/CVE-2024-10389", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", ], }, ], threats: [ { category: "impact", date: "2024-11-22T10:44:11Z", details: "moderate", }, ], title: "CVE-2024-10389", }, { cve: "CVE-2024-10975", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-10975", }, ], notes: [ { category: "general", text: "Nomad Community and Nomad Enterprise (\"Nomad\") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. 
This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2, 1.8.7, and 1.7.15.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-10975", url: "https://www.suse.com/security/cve/CVE-2024-10975", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", ], }, ], threats: [ { category: "impact", date: "2024-11-22T10:44:11Z", details: "important", }, ], title: "CVE-2024-10975", }, { cve: "CVE-2024-45794", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-45794", }, ], notes: [ { category: "general", text: "devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user (with minimum permission) could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API (/orchestrator/user). This issue has been addressed in version 0.7.2 and all users are advised to upgrade. 
There are no known workarounds for this vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-45794", url: "https://www.suse.com/security/cve/CVE-2024-45794", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", ], }, ], threats: [ { category: "impact", date: "2024-11-22T10:44:11Z", details: "important", }, ], title: "CVE-2024-45794", }, { cve: "CVE-2024-48057", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-48057", }, ], notes: [ { category: "general", text: "localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). 
When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-48057", url: "https://www.suse.com/security/cve/CVE-2024-48057", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", ], }, ], threats: [ { category: "impact", date: "2024-11-22T10:44:11Z", details: "moderate", }, ], title: "CVE-2024-48057", }, { cve: "CVE-2024-51735", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-51735", }, ], notes: [ { category: "general", text: "Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting (XSS) occurs on the Osmedues web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary module, it generates reports in HTML and Markdown formats. 
The default report is based on the `general-template.md` template.The contents of the files are read and used to generate the report. However, the file contents are not properly filtered, leading to XSS. This may lead to commands executed on the host as well. This issue is not yet resolved. Users are advised to add their own filtering or to reach out to the developer to aid in developing a patch.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-51735", url: "https://www.suse.com/security/cve/CVE-2024-51735", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", ], }, ], threats: [ { category: "impact", date: "2024-11-22T10:44:11Z", details: "important", }, ], title: "CVE-2024-51735", }, { cve: "CVE-2024-51744", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-51744", }, ], notes: [ { category: "general", text: "golang-jwt is a Go implementation of JSON Web Tokens. 
Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. 
In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-51744", url: "https://www.suse.com/security/cve/CVE-2024-51744", }, { category: "external", summary: "SUSE Bug 1232936 for CVE-2024-51744", url: "https://bugzilla.suse.com/1232936", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 
15.6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", ], }, ], threats: [ { category: "impact", date: "2024-11-22T10:44:11Z", details: "low", }, ], title: "CVE-2024-51744", }, { cve: "CVE-2024-51746", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-51746", }, ], notes: [ { category: "general", text: "Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. gitsign uses Rekor's search API to fetch entries that apply to a signature being verified. The parameters used for the search are the public key and the payload. The search API returns entries that match either condition rather than both. When gitsign's credential cache is used, there can be multiple entries that use the same ephemeral keypair / signing certificate. As gitsign assumes both conditions are matched by Rekor, there is no additional validation that the entry's hash matches the payload being verified, meaning that the wrong entry can be used to successfully pass verification. Impact is minimal as while gitsign does not match the payload against the entry, it does ensure that the certificate matches. 
This would need to be exploited during the certificate validity window (10 minutes) by the key holder.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-51746", url: "https://www.suse.com/security/cve/CVE-2024-51746", }, { category: "external", summary: "SUSE Bug 1232903 for CVE-2024-51746", url: "https://bugzilla.suse.com/1232903", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.5:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", "openSUSE Leap 15.6:govulncheck-vulndb-0.0.20241112T145010-150000.1.17.1.noarch", ], }, ], threats: [ { category: "impact", date: "2024-11-22T10:44:11Z", details: "low", }, ], title: "CVE-2024-51746", }, ], }
suse-su-2025:0546-1
Vulnerability from csaf_suse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update golang-github-prometheus-prometheus", title: "Title of the patch", }, { category: "description", text: "\n\ngolang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 (jsc#PED-11649):\n\n- Security issues fixed:\n * CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error\n handling (bsc#1232970)\n\n- Highlights of other changes:\n * Performance: \n + Significant enhancements to PromQL execution speed, TSDB operations (especially querying and compaction) and \n remote write operations.\n + Default GOGC value lowered to 75 for better memory management. \n + Option to limit memory usage from dropped targets added.\n * New Features:\n + Experimental OpenTelemetry ingestion.\n + Automatic memory limit handling.\n + Native histogram support, including new functions, UI enhancements, and improved scraping.\n + Improved alerting features, such as relabeling rules for AlertmanagerConfig and a new query_offset option.\n + Expanded service discovery options with added metadata and support for new services.\n + New promtool commands for PromQL formatting, label manipulation, metric pushing, and OpenMetrics dumping.\n * Bug Fixes: \n + Numerous fixes across scraping, API, TSDB, PromQL, and service discovery.\n * For a detailed list of changes consult the package changelog or \n https://github.com/prometheus/prometheus/compare/v2.45.6...v2.53.3\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2025-546,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-546,SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2025-546,openSUSE-SLE-15.6-2025-546", title: "Patchnames", 
}, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0546-1.json", }, { category: "self", summary: "URL for SUSE-SU-2025:0546-1", url: "https://www.suse.com/support/update/announcement/2025/suse-su-20250546-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2025:0546-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020340.html", }, { category: "self", summary: "SUSE Bug 1232970", url: "https://bugzilla.suse.com/1232970", }, { category: "self", summary: "SUSE CVE CVE-2024-51744 page", url: "https://www.suse.com/security/cve/CVE-2024-51744/", }, ], title: "Security update golang-github-prometheus-prometheus", tracking: { current_release_date: "2025-02-14T07:24:38Z", generator: { date: "2025-02-14T07:24:38Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2025:0546-1", initial_release_date: "2025-02-14T07:24:38Z", revision_history: [ { date: "2025-02-14T07:24:38Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "firewalld-prometheus-config-0.1-150100.4.23.1.aarch64", product: { name: "firewalld-prometheus-config-0.1-150100.4.23.1.aarch64", product_id: "firewalld-prometheus-config-0.1-150100.4.23.1.aarch64", }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", product: { 
name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", product_id: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firewalld-prometheus-config-0.1-150100.4.23.1.i586", product: { name: "firewalld-prometheus-config-0.1-150100.4.23.1.i586", product_id: "firewalld-prometheus-config-0.1-150100.4.23.1.i586", }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.i586", product: { name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.i586", product_id: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "firewalld-prometheus-config-0.1-150100.4.23.1.ppc64le", product: { name: "firewalld-prometheus-config-0.1-150100.4.23.1.ppc64le", product_id: "firewalld-prometheus-config-0.1-150100.4.23.1.ppc64le", }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", product: { name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", product_id: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firewalld-prometheus-config-0.1-150100.4.23.1.s390x", product: { name: "firewalld-prometheus-config-0.1-150100.4.23.1.s390x", product_id: "firewalld-prometheus-config-0.1-150100.4.23.1.s390x", }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", product: { name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", product_id: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: 
"firewalld-prometheus-config-0.1-150100.4.23.1.x86_64", product: { name: "firewalld-prometheus-config-0.1-150100.4.23.1.x86_64", product_id: "firewalld-prometheus-config-0.1-150100.4.23.1.x86_64", }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", product: { name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", product_id: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Package Hub 15 SP6", product: { name: "SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6", product_identification_helper: { cpe: "cpe:/o:suse:packagehub:15:sp6", }, }, }, { category: "product_name", name: "SUSE Manager Proxy Module 4.3", product: { name: "SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-suse-manager-proxy:4.3", }, }, }, { category: "product_name", name: "openSUSE Leap 15.6", product: { name: "openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.6", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { 
name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64 as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: 
"golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64 as component of SUSE Manager Proxy Module 4.3", product_id: "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", relates_to_product_reference: "SUSE Manager Proxy Module 4.3", }, { category: "default_component_of", full_product_name: { name: "firewalld-prometheus-config-0.1-150100.4.23.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.23.1.aarch64", }, product_reference: "firewalld-prometheus-config-0.1-150100.4.23.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "firewalld-prometheus-config-0.1-150100.4.23.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.23.1.ppc64le", }, product_reference: "firewalld-prometheus-config-0.1-150100.4.23.1.ppc64le", relates_to_product_reference: "openSUSE 
Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "firewalld-prometheus-config-0.1-150100.4.23.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.23.1.s390x", }, product_reference: "firewalld-prometheus-config-0.1-150100.4.23.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "firewalld-prometheus-config-0.1-150100.4.23.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.23.1.x86_64", }, product_reference: "firewalld-prometheus-config-0.1-150100.4.23.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: 
"default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, ], }, vulnerabilities: [ { cve: "CVE-2024-51744", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-51744", }, ], notes: [ { category: "general", text: "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. 
In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.23.1.aarch64", "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.23.1.ppc64le", "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.23.1.s390x", "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.23.1.x86_64", "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-51744", url: "https://www.suse.com/security/cve/CVE-2024-51744", }, { category: "external", summary: "SUSE Bug 1232936 for CVE-2024-51744", url: 
"https://bugzilla.suse.com/1232936", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.23.1.aarch64", "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.23.1.ppc64le", "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.23.1.s390x", "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.23.1.x86_64", "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 
SP6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", "SUSE Manager Proxy Module 4.3:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.23.1.aarch64", "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.23.1.ppc64le", "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.23.1.s390x", "openSUSE Leap 15.6:firewalld-prometheus-config-0.1-150100.4.23.1.x86_64", "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-prometheus-2.53.3-150100.4.23.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-14T07:24:38Z", details: "low", }, ], title: "CVE-2024-51744", }, ], }
suse-su-2025:0525-1
Vulnerability from csaf_suse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for SUSE Manager Client Tools", title: "Title of the patch", }, { category: "description", text: "This update fixes the following issues:\n\ndracut-saltboot was updated to version 0.1.1728559936.c16d4fb:\n\n- Added MAC based terminal naming option (jsc#SUMA-314)\n\ngolang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 (jsc#PED-11649):\n\n- Security issues fixed:\n * CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error\n handling (bsc#1232970)\n\n- Highlights of other changes:\n * Performance: \n + Significant enhancements to PromQL execution speed, TSDB operations (especially querying and compaction) and \n remote write operations.\n + Default GOGC value lowered to 75 for better memory management. 
\n + Option to limit memory usage from dropped targets added.\n * New Features:\n + Experimental OpenTelemetry ingestion.\n + Automatic memory limit handling.\n + Native histogram support, including new functions, UI enhancements, and improved scraping.\n + Improved alerting features, such as relabeling rules for AlertmanagerConfig and a new query_offset option.\n + Expanded service discovery options with added metadata and support for new services.\n + New promtool commands for PromQL formatting, label manipulation, metric pushing, and OpenMetrics dumping.\n * Bug Fixes: \n + Numerous fixes across scraping, API, TSDB, PromQL, and service discovery.\n * For a detailed list of changes consult the package changelog or \n https://github.com/prometheus/prometheus/compare/v2.45.6...v2.53.3\n\ngrafana was updated from version 9.5.18 to 10.4.13 (jsc#PED-11591,jsc#PED-11649):\n\n- Security issues fixed:\n * CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading \n golang.org/x/crypto (bsc#1234554)\n * CVE-2023-3128: Fixed authentication bypass using Azure AD OAuth (bsc#1212641)\n * CVE-2023-6152: Add email verification when updating user email (bsc#1219912)\n * CVE-2024-6837: Fixed potential data source permission escalation (bsc#1236301)\n * CVE-2024-8118: Fixed permission on external alerting rule write endpoint (bsc#1231024)\n\n- Potential breaking changes in version 10:\n * In panels using the `extract fields` transformation, where one\n of the extracted names collides with one of the already\n existing ields, the extracted field will be renamed.\n * For the existing backend mode users who have table\n visualization might see some inconsistencies on their panels.\n We have updated the table column naming. This will\n potentially affect field transformations and/or field\n overrides. 
To resolve this either: update transformation or\n field override.\n * For the existing backend mode users who have Transformations\n with the `time` field, might see their transformations are\n not working. Those panels that have broken transformations\n will fail to render. This is because we changed the field\n key. To resolve this either: Remove the affected panel and\n re-create it; Select the `Time` field again; Edit the `time`\n field as `Time` for transformation in `panel.json` or\n `dashboard.json` \n * The following data source permission endpoints have been removed:\n `GET /datasources/:datasourceId/permissions`\n `POST /api/datasources/:datasourceId/permissions`\n `DELETE /datasources/:datasourceId/permissions`\n `POST /datasources/:datasourceId/enable-permissions`\n `POST /datasources/:datasourceId/disable-permissions`\n + Please use the following endpoints instead:\n `GET /api/access-control/datasources/:uid` for listing data\n source permissions\n `POST /api/access-control/datasources/:uid/users/:id`,\n `POST /api/access-control/datasources/:uid/teams/:id` and\n `POST /api/access-control/datasources/:uid/buildInRoles/:id` \n for adding or removing data source permissions\n * If you are using Terraform Grafana provider to manage data source permissions, you will need to upgrade your\n provider.\n * For the existing backend mode users who have table visualization might see some inconsistencies on their panels. \n We have updated the table column naming. This will potentially affect field transformations and/or field overrides.\n * The deprecated `/playlists/{uid}/dashboards` API endpoint has been removed. 
\n Dashboard information can be retrieved from the `/dashboard/...` APIs.\n * The `PUT /api/folders/:uid` endpoint no more supports modifying the folder's `UID`\n * Removed all components for the old panel header design.\n * Please review https://grafana.com/docs/grafana/next/breaking-changes/breaking-changes-v10-3/\n for more details\n * OAuth role mapping enforcement: This change impacts GitHub,\n Gitlab, Okta, and Generic OAuth. To avoid overriding manually\n set roles, enable the skip_org_role_sync option in the\n Grafana configuration for your OAuth provider before\n upgrading\n * Angular has been deprecated\n * Grafana legacy alerting has been deprecated\n * API keys are migrating to service accounts\n * The experimental “dashboard previews” feature is removed\n * Usernames are now case-insensitive by default\n * Grafana OAuth integrations do not work anymore with email lookups\n * The “Alias” field in the CloudWatch data source is removed\n * Athena data source plugin must be updated to version >=2.9.3\n * Redshift data source plugin must be updated to version >=1.8.3\n * DoiT International BigQuery plugin no longer supported\n * Please review https://grafana.com/docs/grafana/next/breaking-changes/breaking-changes-v10-0\n for more details\n\n- This update brings many new features, enhancements and fixes highlighted at:\n * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-4/\n * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-3/\n * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-2/\n * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-1/\n * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-0/:\n\nspacecmd was updated to version 5.0.11-0:\n\n- Updated translation strings\n\nsupportutils-plugin-salt was updated to version 1.2.3:\n\n- Adjusted requirements for plugin to allow compatibility with supportutils 3.2.9 release (bsc#1235145)\n- Provide backwards-compatible scripts 
version\n\nsupportutils-plugin-susemanager-client was updated to version 5.0.4-0:\n\n- Adjusted requirements for plugin to allow compatibility with supportutils 3.2.9 release (bsc#1235145)\n\nuyuni-tools was updated from version 0.1.23-0 to 0.1.27-0:\n\n- Security issues fixed:\n * CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497)\n- Other changes and bugs fixed:\n * Version 0.1.27-0\n + Bump the default image tag to 5.0.3\n + IsInstalled function fix\n + Run systemctl daemon-reload after changing the container image config (bsc#1233279)\n + Coco-replicas-upgrade\n + Persist search server indexes (bsc#1231759)\n + Sync deletes files during migration (bsc#1233660)\n + Ignore coco and hub images when applying PTF if they are not available (bsc#1229079)\n + Add --registry back to mgrpxy (bsc#1233202)\n + Only add java.hostname on migrated server if not present\n + Consider the configuration file to detect the coco or hub api images should be pulled (bsc#1229104)\n + Only raise an error if cloudguestregistryauth fails for PAYG (bsc#1233630)\n + Add registry.suse.com login to mgradm upgrade podman list (bsc#1234123)\n * Version 0.1.26-0\n + Ignore all zypper caches during migration (bsc#1232769)\n + Use the uyuni network for all podman containers (bsc#1232817)\n * Version 0.1.25-0\n + Don't migrate enabled systemd services, recreate them (bsc#1232575)\n * Version 0.1.24-0\n + Redact JSESSIONID and pxt-session-cookie values from logs and\n console output (bsc#1231568)\n", title: "Description of the patch", }, { category: "details", text: 
"SUSE-2025-525,SUSE-SLE-Manager-Tools-15-2025-525,SUSE-SLE-Manager-Tools-For-Micro-5-2025-525,SUSE-SLE-Module-Basesystem-15-SP6-2025-525,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-525,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-525,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-525,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-525,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-525,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-525,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-525,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-525,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-525,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-525,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-525,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-525,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-525,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-525,SUSE-Storage-7.1-2025-525,openSUSE-SLE-15.6-2025-525", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0525-1.json", }, { category: "self", summary: "URL for SUSE-SU-2025:0525-1", url: "https://www.suse.com/support/update/announcement/2025/suse-su-20250525-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2025:0525-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020347.html", }, { category: "self", summary: "SUSE Bug 1212641", url: "https://bugzilla.suse.com/1212641", }, { category: "self", summary: "SUSE Bug 1219912", url: "https://bugzilla.suse.com/1219912", }, { category: "self", summary: "SUSE Bug 1229079", url: 
"https://bugzilla.suse.com/1229079", }, { category: "self", summary: "SUSE Bug 1229104", url: "https://bugzilla.suse.com/1229104", }, { category: "self", summary: "SUSE Bug 1231024", url: "https://bugzilla.suse.com/1231024", }, { category: "self", summary: "SUSE Bug 1231497", url: "https://bugzilla.suse.com/1231497", }, { category: "self", summary: "SUSE Bug 1231568", url: "https://bugzilla.suse.com/1231568", }, { category: "self", summary: "SUSE Bug 1231759", url: "https://bugzilla.suse.com/1231759", }, { category: "self", summary: "SUSE Bug 1232575", url: "https://bugzilla.suse.com/1232575", }, { category: "self", summary: "SUSE Bug 1232769", url: "https://bugzilla.suse.com/1232769", }, { category: "self", summary: "SUSE Bug 1232817", url: "https://bugzilla.suse.com/1232817", }, { category: "self", summary: "SUSE Bug 1232970", url: "https://bugzilla.suse.com/1232970", }, { category: "self", summary: "SUSE Bug 1233202", url: "https://bugzilla.suse.com/1233202", }, { category: "self", summary: "SUSE Bug 1233279", url: "https://bugzilla.suse.com/1233279", }, { category: "self", summary: "SUSE Bug 1233630", url: "https://bugzilla.suse.com/1233630", }, { category: "self", summary: "SUSE Bug 1233660", url: "https://bugzilla.suse.com/1233660", }, { category: "self", summary: "SUSE Bug 1234123", url: "https://bugzilla.suse.com/1234123", }, { category: "self", summary: "SUSE Bug 1234554", url: "https://bugzilla.suse.com/1234554", }, { category: "self", summary: "SUSE Bug 1235145", url: "https://bugzilla.suse.com/1235145", }, { category: "self", summary: "SUSE Bug 1236301", url: "https://bugzilla.suse.com/1236301", }, { category: "self", summary: "SUSE CVE CVE-2023-3128 page", url: "https://www.suse.com/security/cve/CVE-2023-3128/", }, { category: "self", summary: "SUSE CVE CVE-2023-6152 page", url: "https://www.suse.com/security/cve/CVE-2023-6152/", }, { category: "self", summary: "SUSE CVE CVE-2024-22037 page", url: "https://www.suse.com/security/cve/CVE-2024-22037/", }, 
{ category: "self", summary: "SUSE CVE CVE-2024-45337 page", url: "https://www.suse.com/security/cve/CVE-2024-45337/", }, { category: "self", summary: "SUSE CVE CVE-2024-51744 page", url: "https://www.suse.com/security/cve/CVE-2024-51744/", }, { category: "self", summary: "SUSE CVE CVE-2024-6837 page", url: "https://www.suse.com/security/cve/CVE-2024-6837/", }, { category: "self", summary: "SUSE CVE CVE-2024-8118 page", url: "https://www.suse.com/security/cve/CVE-2024-8118/", }, ], title: "Security update for SUSE Manager Client Tools", tracking: { current_release_date: "2025-02-14T07:18:27Z", generator: { date: "2025-02-14T07:18:27Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2025:0525-1", initial_release_date: "2025-02-14T07:18:27Z", revision_history: [ { date: "2025-02-14T07:18:27Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", product: { name: "firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", product_id: "firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", product: { name: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", product_id: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", }, }, { category: "product_version", name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", product: { name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", product_id: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", }, }, { category: "product_version", name: "grafana-10.4.13-150000.1.66.1.aarch64", product: { name: "grafana-10.4.13-150000.1.66.1.aarch64", product_id: "grafana-10.4.13-150000.1.66.1.aarch64", }, }, { category: "product_version", name: 
"mgrctl-0.1.28-150000.1.16.1.aarch64", product: { name: "mgrctl-0.1.28-150000.1.16.1.aarch64", product_id: "mgrctl-0.1.28-150000.1.16.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "firewalld-prometheus-config-0.1-150000.3.59.1.i586", product: { name: "firewalld-prometheus-config-0.1-150000.3.59.1.i586", product_id: "firewalld-prometheus-config-0.1-150000.3.59.1.i586", }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.i586", product: { name: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.i586", product_id: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.i586", }, }, { category: "product_version", name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.i586", product: { name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.i586", product_id: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.i586", }, }, { category: "product_version", name: "grafana-10.4.13-150000.1.66.1.i586", product: { name: "grafana-10.4.13-150000.1.66.1.i586", product_id: "grafana-10.4.13-150000.1.66.1.i586", }, }, { category: "product_version", name: "mgrctl-0.1.28-150000.1.16.1.i586", product: { name: "mgrctl-0.1.28-150000.1.16.1.i586", product_id: "mgrctl-0.1.28-150000.1.16.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", product: { name: "dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", product_id: "dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", }, }, { category: "product_version", name: "mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", product: { name: "mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", product_id: "mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", }, }, { category: "product_version", name: "mgrctl-lang-0.1.28-150000.1.16.1.noarch", product: { name: 
"mgrctl-lang-0.1.28-150000.1.16.1.noarch", product_id: "mgrctl-lang-0.1.28-150000.1.16.1.noarch", }, }, { category: "product_version", name: "mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", product: { name: "mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", product_id: "mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", }, }, { category: "product_version", name: "spacecmd-5.0.11-150000.3.130.1.noarch", product: { name: "spacecmd-5.0.11-150000.3.130.1.noarch", product_id: "spacecmd-5.0.11-150000.3.130.1.noarch", }, }, { category: "product_version", name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", product: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", product_id: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, }, { category: "product_version", name: "supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", product: { name: "supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", product_id: "supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", product: { name: "firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", product_id: "firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", product: { name: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", product_id: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", }, }, { category: "product_version", name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", product: { name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", product_id: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", }, }, { category: "product_version", name: "grafana-10.4.13-150000.1.66.1.ppc64le", product: { name: 
"grafana-10.4.13-150000.1.66.1.ppc64le", product_id: "grafana-10.4.13-150000.1.66.1.ppc64le", }, }, { category: "product_version", name: "mgrctl-0.1.28-150000.1.16.1.ppc64le", product: { name: "mgrctl-0.1.28-150000.1.16.1.ppc64le", product_id: "mgrctl-0.1.28-150000.1.16.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "firewalld-prometheus-config-0.1-150000.3.59.1.s390x", product: { name: "firewalld-prometheus-config-0.1-150000.3.59.1.s390x", product_id: "firewalld-prometheus-config-0.1-150000.3.59.1.s390x", }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", product: { name: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", product_id: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", }, }, { category: "product_version", name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", product: { name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", product_id: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", }, }, { category: "product_version", name: "grafana-10.4.13-150000.1.66.1.s390x", product: { name: "grafana-10.4.13-150000.1.66.1.s390x", product_id: "grafana-10.4.13-150000.1.66.1.s390x", }, }, { category: "product_version", name: "mgrctl-0.1.28-150000.1.16.1.s390x", product: { name: "mgrctl-0.1.28-150000.1.16.1.s390x", product_id: "mgrctl-0.1.28-150000.1.16.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", product: { name: "firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", product_id: "firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", }, }, { category: "product_version", name: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", product: { name: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", product_id: 
"golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", }, }, { category: "product_version", name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", product: { name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", product_id: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", }, }, { category: "product_version", name: "grafana-10.4.13-150000.1.66.1.x86_64", product: { name: "grafana-10.4.13-150000.1.66.1.x86_64", product_id: "grafana-10.4.13-150000.1.66.1.x86_64", }, }, { category: "product_version", name: "mgrctl-0.1.28-150000.1.16.1.x86_64", product: { name: "mgrctl-0.1.28-150000.1.16.1.x86_64", product_id: "mgrctl-0.1.28-150000.1.16.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Client Tools 15", product: { name: "SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15", }, }, { category: "product_name", name: "SUSE Manager Client Tools for SLE Micro 5", product: { name: "SUSE Manager Client Tools for SLE Micro 5", product_id: "SUSE Manager Client Tools for SLE Micro 5", product_identification_helper: { cpe: "cpe:/o:suse:sle-manager-tools-micro:5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP6", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp6", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Package Hub 15 SP6", product: { name: "SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6", product_identification_helper: { cpe: "cpe:/o:suse:packagehub:15:sp6", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product: { name: "SUSE Linux Enterprise High 
Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP3-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP4-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise 
Server 15 SP4-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP5-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP5-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP5-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP5", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp5", }, }, }, { category: "product_name", name: "SUSE Manager Proxy 4.3", product: { name: "SUSE Manager Proxy 4.3", product_id: "SUSE Manager Proxy 4.3", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-proxy:4.3", }, }, }, { category: "product_name", name: "SUSE Manager Server 4.3", product: { name: "SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-server:4.3", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 7.1", product: { name: "SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1", product_identification_helper: { cpe: 
"cpe:/o:suse:ses:7.1", }, }, }, { category: "product_name", name: "openSUSE Leap 15.6", product: { name: "openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.6", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", }, product_reference: "dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "firewalld-prometheus-config-0.1-150000.3.59.1.aarch64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", }, product_reference: "firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", }, product_reference: "firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "firewalld-prometheus-config-0.1-150000.3.59.1.s390x as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", }, product_reference: "firewalld-prometheus-config-0.1-150000.3.59.1.s390x", relates_to_product_reference: "SUSE Manager Client Tools 15", 
}, { category: "default_component_of", full_product_name: { name: "firewalld-prometheus-config-0.1-150000.3.59.1.x86_64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", }, product_reference: "firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 
15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "grafana-10.4.13-150000.1.66.1.aarch64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", }, product_reference: "grafana-10.4.13-150000.1.66.1.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "grafana-10.4.13-150000.1.66.1.ppc64le as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", }, product_reference: "grafana-10.4.13-150000.1.66.1.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "grafana-10.4.13-150000.1.66.1.s390x as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", }, product_reference: "grafana-10.4.13-150000.1.66.1.s390x", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "grafana-10.4.13-150000.1.66.1.x86_64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", }, product_reference: "grafana-10.4.13-150000.1.66.1.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgrctl-0.1.28-150000.1.16.1.aarch64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", }, product_reference: "mgrctl-0.1.28-150000.1.16.1.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 15", 
}, { category: "default_component_of", full_product_name: { name: "mgrctl-0.1.28-150000.1.16.1.ppc64le as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", }, product_reference: "mgrctl-0.1.28-150000.1.16.1.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgrctl-0.1.28-150000.1.16.1.s390x as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", }, product_reference: "mgrctl-0.1.28-150000.1.16.1.s390x", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgrctl-0.1.28-150000.1.16.1.x86_64 as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", }, product_reference: "mgrctl-0.1.28-150000.1.16.1.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", }, product_reference: "mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgrctl-lang-0.1.28-150000.1.16.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", }, product_reference: "mgrctl-lang-0.1.28-150000.1.16.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE 
Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", }, product_reference: "mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "spacecmd-5.0.11-150000.3.130.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", }, product_reference: "spacecmd-5.0.11-150000.3.130.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch as component of SUSE Manager Client Tools 15", product_id: "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", }, product_reference: "supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 15", }, { category: "default_component_of", full_product_name: { name: "dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5", product_id: "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", }, product_reference: "dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools for SLE Micro 5", }, { category: "default_component_of", full_product_name: { name: "mgrctl-0.1.28-150000.1.16.1.aarch64 as component of 
SUSE Manager Client Tools for SLE Micro 5", product_id: "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", }, product_reference: "mgrctl-0.1.28-150000.1.16.1.aarch64", relates_to_product_reference: "SUSE Manager Client Tools for SLE Micro 5", }, { category: "default_component_of", full_product_name: { name: "mgrctl-0.1.28-150000.1.16.1.s390x as component of SUSE Manager Client Tools for SLE Micro 5", product_id: "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", }, product_reference: "mgrctl-0.1.28-150000.1.16.1.s390x", relates_to_product_reference: "SUSE Manager Client Tools for SLE Micro 5", }, { category: "default_component_of", full_product_name: { name: "mgrctl-0.1.28-150000.1.16.1.x86_64 as component of SUSE Manager Client Tools for SLE Micro 5", product_id: "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", }, product_reference: "mgrctl-0.1.28-150000.1.16.1.x86_64", relates_to_product_reference: "SUSE Manager Client Tools for SLE Micro 5", }, { category: "default_component_of", full_product_name: { name: "mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5", product_id: "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", }, product_reference: "mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools for SLE Micro 5", }, { category: "default_component_of", full_product_name: { name: "mgrctl-lang-0.1.28-150000.1.16.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5", product_id: "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", }, product_reference: "mgrctl-lang-0.1.28-150000.1.16.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools for SLE Micro 5", }, { category: "default_component_of", full_product_name: { name: 
"mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5", product_id: "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", }, product_reference: "mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools for SLE Micro 5", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP6", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", }, product_reference: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", }, product_reference: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x as component of SUSE Linux Enterprise Module for 
Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", }, product_reference: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", }, product_reference: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", 
product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 
SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP5-LTSS", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: 
"supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP5", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of SUSE Manager Proxy 4.3", product_id: "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "SUSE Manager Proxy 4.3", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.3", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", }, product_reference: "dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", }, product_reference: 
"golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", }, product_reference: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", }, product_reference: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", }, product_reference: "golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "spacecmd-5.0.11-150000.3.130.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", }, product_reference: "spacecmd-5.0.11-150000.3.130.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { 
category: "default_component_of", full_product_name: { name: "supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", }, product_reference: "supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, ], }, vulnerabilities: [ { cve: "CVE-2023-3128", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-3128", }, ], notes: [ { category: "general", text: "Grafana is validating Azure AD accounts based on the email claim. \n\nOn Azure AD, the profile email field is not unique and can be easily modified. \n\nThis leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. \n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 
SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 
15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 
15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2023-3128", url: "https://www.suse.com/security/cve/CVE-2023-3128", }, { category: "external", summary: "SUSE Bug 1212641 for CVE-2023-3128", url: "https://bugzilla.suse.com/1212641", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 
SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", 
"SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.4, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 
SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager 
Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 
5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-14T07:18:27Z", details: "critical", }, ], title: "CVE-2023-3128", }, { cve: "CVE-2023-6152", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-6152", }, ], notes: [ { category: "general", text: "A user changing their email after signing up and verifying it can change it without verification in profile settings.\n\nThe configuration option \"verify_email_enabled\" will only validate email only on sign up.\n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 
SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 
15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 
5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2023-6152", url: "https://www.suse.com/security/cve/CVE-2023-6152", }, { category: "external", summary: "SUSE Bug 1219912 for CVE-2023-6152", url: "https://bugzilla.suse.com/1219912", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 
SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 
15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 
15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 
SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 
15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-14T07:18:27Z", details: "moderate", }, ], title: "CVE-2023-6152", }, { cve: "CVE-2024-22037", ids: [ { system_name: "SUSE CVE Page", text: 
"https://www.suse.com/security/cve/CVE-2024-22037", }, ], notes: [ { category: "general", text: "The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 
SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 
15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-22037", url: "https://www.suse.com/security/cve/CVE-2024-22037", }, { category: "external", summary: "SUSE Bug 1231497 for CVE-2024-22037", url: "https://bugzilla.suse.com/1231497", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", 
product_ids: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 
15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", 
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise 
Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager 
Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 
15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-14T07:18:27Z", details: "moderate", }, ], title: "CVE-2024-22037", }, { cve: "CVE-2024-45337", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-45337", }, ], notes: [ { category: "general", text: "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. 
Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise 
Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 
15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 
15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-45337", url: "https://www.suse.com/security/cve/CVE-2024-45337", }, { category: "external", summary: "SUSE Bug 1234482 for CVE-2024-45337", url: "https://bugzilla.suse.com/1234482", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 
SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager 
Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, 
baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 
15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 
5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-14T07:18:27Z", details: "important", }, ], title: "CVE-2024-45337", }, { cve: "CVE-2024-51744", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-51744", }, ], notes: [ { category: "general", text: "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. 
If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 
SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 
15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 
15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-51744", url: "https://www.suse.com/security/cve/CVE-2024-51744", }, { category: "external", summary: "SUSE Bug 1232936 for CVE-2024-51744", url: "https://bugzilla.suse.com/1232936", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux 
Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 
15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 
7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 
15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", 
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-14T07:18:27Z", details: "low", }, ], title: "CVE-2024-51744", }, { cve: "CVE-2024-6837", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-6837", }, ], notes: [ { category: "general", text: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 
SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 
5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-6837", url: "https://www.suse.com/security/cve/CVE-2024-6837", }, { category: "external", summary: "SUSE Bug 1236301 for CVE-2024-6837", url: "https://bugzilla.suse.com/1236301", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 
SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager 
Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 
5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package 
Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", 
"SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", 
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-14T07:18:27Z", details: "moderate", }, ], title: "CVE-2024-6837", }, { cve: "CVE-2024-8118", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-8118", }, ], notes: [ { category: "general", text: "In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 
SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager 
Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, references: [ { category: "external", 
summary: "CVE-2024-8118", url: "https://www.suse.com/security/cve/CVE-2024-8118", }, { category: "external", summary: "SUSE Bug 1231024 for CVE-2024-8118", url: "https://bugzilla.suse.com/1231024", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 
SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 
15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 
SP4-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.59.1.s390x", "SUSE Manager Client Tools 
15:firewalld-prometheus-config-0.1-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.aarch64", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.ppc64le", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.s390x", "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.3-150000.3.59.1.x86_64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.aarch64", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.ppc64le", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.s390x", "SUSE Manager Client Tools 15:grafana-10.4.13-150000.1.66.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.ppc64le", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools 15:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools 15:spacecmd-5.0.11-150000.3.130.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.aarch64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.s390x", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.28-150000.1.16.1.x86_64", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 
5:mgrctl-lang-0.1.28-150000.1.16.1.noarch", "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.28-150000.1.16.1.noarch", "SUSE Manager Proxy 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "SUSE Manager Server 4.3:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:dracut-saltboot-0.1.1728559936.c16d4fb-150000.1.56.1.noarch", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.aarch64", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.ppc64le", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.s390x", "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.24.1.x86_64", "openSUSE Leap 15.6:spacecmd-5.0.11-150000.3.130.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch", "openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.4-150000.3.27.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-14T07:18:27Z", details: "moderate", }, ], title: "CVE-2024-8118", }, ], }
suse-su-2025:0524-1
Vulnerability from csaf_suse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for SUSE Manager Client Tools", title: "Title of the patch", }, { category: "description", text: "This update fixes the following issues:\n\ngolang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 (jsc#PED-11649):\n\n- Security issues fixed:\n * CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error\n handling (bsc#1232970)\n\n- Highlights of other changes:\n * Performance: \n + Significant enhancements to PromQL execution speed, TSDB operations (especially querying and compaction) and \n remote write operations.\n + Default GOGC value lowered to 75 for better memory management. \n + Option to limit memory usage from dropped targets added.\n * New Features:\n + Experimental OpenTelemetry ingestion.\n + Automatic memory limit handling.\n + Native histogram support, including new functions, UI enhancements, and improved scraping.\n + Improved alerting features, such as relabeling rules for AlertmanagerConfig and a new query_offset option.\n + Expanded service discovery options with added metadata and support for new services.\n + New promtool commands for PromQL formatting, label manipulation, metric pushing, and OpenMetrics dumping.\n * Bug Fixes: \n + Numerous fixes across scraping, API, TSDB, PromQL, and service discovery.\n * For a detailed list of changes consult the package changelog or \n https://github.com/prometheus/prometheus/compare/v2.45.6...v2.53.3\n\ngolang-github-prometheus-promu was updated to version 0.17.0:\n\n- Added codesign utility function\n\ngrafana was updated from version 9.5.18 to 10.4.13 (jsc#PED-11591,jsc#PED-11649):\n\n- Security issues 
fixed:\n * CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading \n golang.org/x/crypto (bsc#1234554)\n * CVE-2023-3128: Fixed authentication bypass using Azure AD OAuth (bsc#1212641)\n * CVE-2023-6152: Add email verification when updating user email (bsc#1219912)\n * CVE-2024-6837: Fixed potential data source permission escalation (bsc#1236301)\n * CVE-2024-8118: Fixed permission on external alerting rule write endpoint (bsc#1231024)\n\n- Potential breaking changes in version 10:\n * In panels using the `extract fields` transformation, where one\n of the extracted names collides with one of the already\n existing fields, the extracted field will be renamed.\n * For the existing backend mode users who have table\n visualization might see some inconsistencies on their panels.\n We have updated the table column naming. This will\n potentially affect field transformations and/or field\n overrides. To resolve this either: update transformation or\n field override.\n * For the existing backend mode users who have Transformations\n with the `time` field, might see their transformations are\n not working. Those panels that have broken transformations\n will fail to render. This is because we changed the field\n key. 
To resolve this either: Remove the affected panel and\n re-create it; Select the `Time` field again; Edit the `time`\n field as `Time` for transformation in `panel.json` or\n `dashboard.json` \n * The following data source permission endpoints have been removed:\n `GET /datasources/:datasourceId/permissions`\n `POST /api/datasources/:datasourceId/permissions`\n `DELETE /datasources/:datasourceId/permissions`\n `POST /datasources/:datasourceId/enable-permissions`\n `POST /datasources/:datasourceId/disable-permissions`\n + Please use the following endpoints instead:\n `GET /api/access-control/datasources/:uid` for listing data\n source permissions\n `POST /api/access-control/datasources/:uid/users/:id`,\n `POST /api/access-control/datasources/:uid/teams/:id` and\n `POST /api/access-control/datasources/:uid/buildInRoles/:id` \n for adding or removing data source permissions\n * If you are using Terraform Grafana provider to manage data source permissions, you will need to upgrade your\n provider.\n * For the existing backend mode users who have table visualization might see some inconsistencies on their panels. \n We have updated the table column naming. This will potentially affect field transformations and/or field overrides.\n * The deprecated `/playlists/{uid}/dashboards` API endpoint has been removed. \n Dashboard information can be retrieved from the `/dashboard/...` APIs.\n * The `PUT /api/folders/:uid` endpoint no more supports modifying the folder's `UID`\n * Removed all components for the old panel header design.\n * Please review https://grafana.com/docs/grafana/next/breaking-changes/breaking-changes-v10-3/\n for more details\n * OAuth role mapping enforcement: This change impacts GitHub,\n Gitlab, Okta, and Generic OAuth. 
To avoid overriding manually\n set roles, enable the skip_org_role_sync option in the\n Grafana configuration for your OAuth provider before\n upgrading\n * Angular has been deprecated\n * Grafana legacy alerting has been deprecated\n * API keys are migrating to service accounts\n * The experimental “dashboard previews” feature is removed\n * Usernames are now case-insensitive by default\n * Grafana OAuth integrations do not work anymore with email lookups\n * The “Alias” field in the CloudWatch data source is removed\n * Athena data source plugin must be updated to version >=2.9.3\n * Redshift data source plugin must be updated to version >=1.8.3\n * DoiT International BigQuery plugin no longer supported\n * Please review https://grafana.com/docs/grafana/next/breaking-changes/breaking-changes-v10-0\n for more details\n\n- This update brings many new features, enhancements and fixes highlighted at:\n * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-4/\n * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-3/\n * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-2/\n * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-1/\n * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-0/\n\nspacecmd was updated to version 5.0.11-0:\n\n- Updated translation strings\n\nsupportutils-plugin-salt was updated to version 1.2.3:\n\n- Adjusted requirements for plugin to allow compatibility with supportutils 3.2.9 release (bsc#1235145)\n- Provide backwards-compatible scripts version\n\nsupportutils-plugin-susemanager-client was updated to version 5.0.4-0:\n\n- Adjusted requirements for plugin to allow compatibility with supportutils 3.2.9 release (bsc#1235145)\n\nuyuni-tools was updated from version 0.1.23-0 to 0.1.27-0:\n\n- Security issues fixed:\n * CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497)\n- Other changes and bugs fixed:\n * Version 0.1.27-0\n + Bump the default image tag 
to 5.0.3\n + IsInstalled function fix\n + Run systemctl daemon-reload after changing the container image config (bsc#1233279)\n + Coco-replicas-upgrade\n + Persist search server indexes (bsc#1231759)\n + Sync deletes files during migration (bsc#1233660)\n + Ignore coco and hub images when applying PTF if they are not available (bsc#1229079)\n + Add --registry back to mgrpxy (bsc#1233202)\n + Only add java.hostname on migrated server if not present\n + Consider the configuration file to detect the coco or hub api images should be pulled (bsc#1229104)\n + Only raise an error if cloudguestregistryauth fails for PAYG (bsc#1233630)\n + Add registry.suse.com login to mgradm upgrade podman list (bsc#1234123)\n * Version 0.1.26-0\n + Ignore all zypper caches during migration (bsc#1232769)\n + Use the uyuni network for all podman containers (bsc#1232817)\n * Version 0.1.25-0\n + Don't migrate enabled systemd services, recreate them (bsc#1232575)\n + Redact JSESSIONID and pxt-session-cookie values from logs and\n console output (bsc#1231568)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2025-524,SUSE-SLE-Manager-Tools-12-2025-524", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0524-1.json", }, { category: "self", summary: "URL for SUSE-SU-2025:0524-1", url: "https://www.suse.com/support/update/announcement/2025/suse-su-20250524-1/", }, { category: "self", summary: "E-Mail link for 
SUSE-SU-2025:0524-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020348.html", }, { category: "self", summary: "SUSE Bug 1212641", url: "https://bugzilla.suse.com/1212641", }, { category: "self", summary: "SUSE Bug 1219912", url: "https://bugzilla.suse.com/1219912", }, { category: "self", summary: "SUSE Bug 1229079", url: "https://bugzilla.suse.com/1229079", }, { category: "self", summary: "SUSE Bug 1229104", url: "https://bugzilla.suse.com/1229104", }, { category: "self", summary: "SUSE Bug 1231024", url: "https://bugzilla.suse.com/1231024", }, { category: "self", summary: "SUSE Bug 1231497", url: "https://bugzilla.suse.com/1231497", }, { category: "self", summary: "SUSE Bug 1231568", url: "https://bugzilla.suse.com/1231568", }, { category: "self", summary: "SUSE Bug 1231759", url: "https://bugzilla.suse.com/1231759", }, { category: "self", summary: "SUSE Bug 1232575", url: "https://bugzilla.suse.com/1232575", }, { category: "self", summary: "SUSE Bug 1232769", url: "https://bugzilla.suse.com/1232769", }, { category: "self", summary: "SUSE Bug 1232817", url: "https://bugzilla.suse.com/1232817", }, { category: "self", summary: "SUSE Bug 1232970", url: "https://bugzilla.suse.com/1232970", }, { category: "self", summary: "SUSE Bug 1233202", url: "https://bugzilla.suse.com/1233202", }, { category: "self", summary: "SUSE Bug 1233279", url: "https://bugzilla.suse.com/1233279", }, { category: "self", summary: "SUSE Bug 1233630", url: "https://bugzilla.suse.com/1233630", }, { category: "self", summary: "SUSE Bug 1233660", url: "https://bugzilla.suse.com/1233660", }, { category: "self", summary: "SUSE Bug 1234123", url: "https://bugzilla.suse.com/1234123", }, { category: "self", summary: "SUSE Bug 1234554", url: "https://bugzilla.suse.com/1234554", }, { category: "self", summary: "SUSE Bug 1235145", url: "https://bugzilla.suse.com/1235145", }, { category: "self", summary: "SUSE Bug 1236301", url: "https://bugzilla.suse.com/1236301", }, { 
category: "self", summary: "SUSE CVE CVE-2023-3128 page", url: "https://www.suse.com/security/cve/CVE-2023-3128/", }, { category: "self", summary: "SUSE CVE CVE-2023-6152 page", url: "https://www.suse.com/security/cve/CVE-2023-6152/", }, { category: "self", summary: "SUSE CVE CVE-2024-22037 page", url: "https://www.suse.com/security/cve/CVE-2024-22037/", }, { category: "self", summary: "SUSE CVE CVE-2024-45337 page", url: "https://www.suse.com/security/cve/CVE-2024-45337/", }, { category: "self", summary: "SUSE CVE CVE-2024-51744 page", url: "https://www.suse.com/security/cve/CVE-2024-51744/", }, { category: "self", summary: "SUSE CVE CVE-2024-6837 page", url: "https://www.suse.com/security/cve/CVE-2024-6837/", }, { category: "self", summary: "SUSE CVE CVE-2024-8118 page", url: "https://www.suse.com/security/cve/CVE-2024-8118/", }, ], title: "Security update for SUSE Manager Client Tools", tracking: { current_release_date: "2025-02-14T07:16:36Z", generator: { date: "2025-02-14T07:16:36Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2025:0524-1", initial_release_date: "2025-02-14T07:16:36Z", revision_history: [ { date: "2025-02-14T07:16:36Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", product: { name: "golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", product_id: "golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", }, }, { category: "product_version", name: "golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", product: { name: "golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", product_id: "golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", }, }, { category: "product_version", name: "grafana-10.4.13-1.66.2.aarch64", product: { name: "grafana-10.4.13-1.66.2.aarch64", product_id: 
"grafana-10.4.13-1.66.2.aarch64", }, }, { category: "product_version", name: "mgrctl-0.1.28-1.16.1.aarch64", product: { name: "mgrctl-0.1.28-1.16.1.aarch64", product_id: "mgrctl-0.1.28-1.16.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "golang-github-prometheus-prometheus-2.53.3-1.56.1.i586", product: { name: "golang-github-prometheus-prometheus-2.53.3-1.56.1.i586", product_id: "golang-github-prometheus-prometheus-2.53.3-1.56.1.i586", }, }, { category: "product_version", name: "golang-github-prometheus-promu-0.17.0-1.24.1.i586", product: { name: "golang-github-prometheus-promu-0.17.0-1.24.1.i586", product_id: "golang-github-prometheus-promu-0.17.0-1.24.1.i586", }, }, { category: "product_version", name: "grafana-10.4.13-1.66.2.i586", product: { name: "grafana-10.4.13-1.66.2.i586", product_id: "grafana-10.4.13-1.66.2.i586", }, }, { category: "product_version", name: "mgrctl-0.1.28-1.16.1.i586", product: { name: "mgrctl-0.1.28-1.16.1.i586", product_id: "mgrctl-0.1.28-1.16.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "mgrctl-bash-completion-0.1.28-1.16.1.noarch", product: { name: "mgrctl-bash-completion-0.1.28-1.16.1.noarch", product_id: "mgrctl-bash-completion-0.1.28-1.16.1.noarch", }, }, { category: "product_version", name: "mgrctl-lang-0.1.28-1.16.1.noarch", product: { name: "mgrctl-lang-0.1.28-1.16.1.noarch", product_id: "mgrctl-lang-0.1.28-1.16.1.noarch", }, }, { category: "product_version", name: "mgrctl-zsh-completion-0.1.28-1.16.1.noarch", product: { name: "mgrctl-zsh-completion-0.1.28-1.16.1.noarch", product_id: "mgrctl-zsh-completion-0.1.28-1.16.1.noarch", }, }, { category: "product_version", name: "spacecmd-5.0.11-38.153.1.noarch", product: { name: "spacecmd-5.0.11-38.153.1.noarch", product_id: "spacecmd-5.0.11-38.153.1.noarch", }, }, { category: "product_version", name: "supportutils-plugin-salt-1.2.3-6.25.1.noarch", 
product: { name: "supportutils-plugin-salt-1.2.3-6.25.1.noarch", product_id: "supportutils-plugin-salt-1.2.3-6.25.1.noarch", }, }, { category: "product_version", name: "supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", product: { name: "supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", product_id: "supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", product: { name: "golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", product_id: "golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", }, }, { category: "product_version", name: "golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", product: { name: "golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", product_id: "golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", }, }, { category: "product_version", name: "grafana-10.4.13-1.66.2.ppc64le", product: { name: "grafana-10.4.13-1.66.2.ppc64le", product_id: "grafana-10.4.13-1.66.2.ppc64le", }, }, { category: "product_version", name: "mgrctl-0.1.28-1.16.1.ppc64le", product: { name: "mgrctl-0.1.28-1.16.1.ppc64le", product_id: "mgrctl-0.1.28-1.16.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", product: { name: "golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", product_id: "golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", }, }, { category: "product_version", name: "golang-github-prometheus-promu-0.17.0-1.24.1.s390x", product: { name: "golang-github-prometheus-promu-0.17.0-1.24.1.s390x", product_id: "golang-github-prometheus-promu-0.17.0-1.24.1.s390x", }, }, { category: "product_version", name: "grafana-10.4.13-1.66.2.s390x", product: { name: "grafana-10.4.13-1.66.2.s390x", product_id: "grafana-10.4.13-1.66.2.s390x", }, 
}, { category: "product_version", name: "mgrctl-0.1.28-1.16.1.s390x", product: { name: "mgrctl-0.1.28-1.16.1.s390x", product_id: "mgrctl-0.1.28-1.16.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", product: { name: "golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", product_id: "golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", }, }, { category: "product_version", name: "golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", product: { name: "golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", product_id: "golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", }, }, { category: "product_version", name: "grafana-10.4.13-1.66.2.x86_64", product: { name: "grafana-10.4.13-1.66.2.x86_64", product_id: "grafana-10.4.13-1.66.2.x86_64", }, }, { category: "product_version", name: "mgrctl-0.1.28-1.16.1.x86_64", product: { name: "mgrctl-0.1.28-1.16.1.x86_64", product_id: "mgrctl-0.1.28-1.16.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Client Tools 12", product: { name: "SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12", }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le as component of SUSE Manager Client Tools 12", 
product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", }, product_reference: "golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0.17.0-1.24.1.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", }, product_reference: "golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", }, product_reference: "golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: 
"golang-github-prometheus-promu-0.17.0-1.24.1.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", }, product_reference: "golang-github-prometheus-promu-0.17.0-1.24.1.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "golang-github-prometheus-promu-0.17.0-1.24.1.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", }, product_reference: "golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "grafana-10.4.13-1.66.2.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", }, product_reference: "grafana-10.4.13-1.66.2.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "grafana-10.4.13-1.66.2.ppc64le as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", }, product_reference: "grafana-10.4.13-1.66.2.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "grafana-10.4.13-1.66.2.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", }, product_reference: "grafana-10.4.13-1.66.2.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "grafana-10.4.13-1.66.2.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", }, product_reference: 
"grafana-10.4.13-1.66.2.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgrctl-0.1.28-1.16.1.aarch64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", }, product_reference: "mgrctl-0.1.28-1.16.1.aarch64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgrctl-0.1.28-1.16.1.ppc64le as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", }, product_reference: "mgrctl-0.1.28-1.16.1.ppc64le", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgrctl-0.1.28-1.16.1.s390x as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", }, product_reference: "mgrctl-0.1.28-1.16.1.s390x", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgrctl-0.1.28-1.16.1.x86_64 as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", }, product_reference: "mgrctl-0.1.28-1.16.1.x86_64", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgrctl-bash-completion-0.1.28-1.16.1.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", }, product_reference: "mgrctl-bash-completion-0.1.28-1.16.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "mgrctl-zsh-completion-0.1.28-1.16.1.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 
12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", }, product_reference: "mgrctl-zsh-completion-0.1.28-1.16.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "spacecmd-5.0.11-38.153.1.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", }, product_reference: "spacecmd-5.0.11-38.153.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-salt-1.2.3-6.25.1.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", }, product_reference: "supportutils-plugin-salt-1.2.3-6.25.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, { category: "default_component_of", full_product_name: { name: "supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch as component of SUSE Manager Client Tools 12", product_id: "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", }, product_reference: "supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", relates_to_product_reference: "SUSE Manager Client Tools 12", }, ], }, vulnerabilities: [ { cve: "CVE-2023-3128", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-3128", }, ], notes: [ { category: "general", text: "Grafana is validating Azure AD accounts based on the email claim. \n\nOn Azure AD, the profile email field is not unique and can be easily modified. \n\nThis leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. 
\n\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2023-3128", url: "https://www.suse.com/security/cve/CVE-2023-3128", }, { category: "external", summary: "SUSE Bug 1212641 for CVE-2023-3128", url: "https://bugzilla.suse.com/1212641", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE 
recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.4, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 
12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-14T07:16:36Z", details: "critical", }, ], title: "CVE-2023-3128", }, { cve: "CVE-2023-6152", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-6152", }, ], notes: [ { category: "general", text: "A user changing their email after signing up and verifying it can change it without verification in profile settings.\n\nThe configuration option \"verify_email_enabled\" will only validate email only on sign up.\n\n", title: "CVE description", }, ], 
product_status: { recommended: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2023-6152", url: "https://www.suse.com/security/cve/CVE-2023-6152", }, { category: "external", summary: "SUSE Bug 1219912 for CVE-2023-6152", url: "https://bugzilla.suse.com/1219912", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST 
online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 
12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-14T07:16:36Z", details: "moderate", }, ], title: "CVE-2023-6152", }, { cve: "CVE-2024-22037", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-22037", }, ], notes: [ { category: "general", text: "The uyuni-server-attestation systemd service needs a database_password environment variable. 
This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-22037", url: "https://www.suse.com/security/cve/CVE-2024-22037", }, { category: "external", summary: "SUSE Bug 1231497 for CVE-2024-22037", url: 
"https://bugzilla.suse.com/1231497", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Manager Client 
Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-14T07:16:36Z", details: "moderate", }, ], title: "CVE-2024-22037", }, { cve: "CVE-2024-45337", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-45337", }, ], notes: [ { category: "general", text: "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an 
authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. 
Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-45337", url: "https://www.suse.com/security/cve/CVE-2024-45337", }, { category: "external", summary: "SUSE 
Bug 1234482 for CVE-2024-45337", url: "https://bugzilla.suse.com/1234482", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, 
products: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-14T07:16:36Z", details: "important", }, ], title: "CVE-2024-45337", }, { cve: "CVE-2024-51744", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-51744", }, ], notes: [ { category: "general", text: "golang-jwt is a Go implementation of JSON Web Tokens. 
Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. 
In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-51744", url: "https://www.suse.com/security/cve/CVE-2024-51744", }, { category: "external", summary: "SUSE Bug 1232936 
for CVE-2024-51744", url: "https://bugzilla.suse.com/1232936", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ 
"SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-14T07:16:36Z", details: "low", }, ], title: "CVE-2024-51744", }, { cve: "CVE-2024-6837", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-6837", }, ], notes: [ { category: "general", text: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-6837", url: "https://www.suse.com/security/cve/CVE-2024-6837", }, { category: "external", summary: "SUSE Bug 1236301 for CVE-2024-6837", url: "https://bugzilla.suse.com/1236301", }, ], remediations: [ { category: 
"vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE 
Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-14T07:16:36Z", details: "moderate", }, ], title: "CVE-2024-6837", }, { cve: "CVE-2024-8118", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-8118", }, ], notes: [ { category: "general", text: "In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.", title: "CVE description", }, ], product_status: { 
recommended: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-8118", url: "https://www.suse.com/security/cve/CVE-2024-8118", }, { category: "external", summary: "SUSE Bug 1231024 for CVE-2024-8118", url: "https://bugzilla.suse.com/1231024", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 
\"zypper patch\".\n", product_ids: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.ppc64le", "SUSE Manager Client Tools 
12:golang-github-prometheus-prometheus-2.53.3-1.56.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.3-1.56.1.x86_64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.aarch64", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.ppc64le", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.s390x", "SUSE Manager Client Tools 12:golang-github-prometheus-promu-0.17.0-1.24.1.x86_64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.aarch64", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.ppc64le", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.s390x", "SUSE Manager Client Tools 12:grafana-10.4.13-1.66.2.x86_64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.aarch64", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.ppc64le", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.s390x", "SUSE Manager Client Tools 12:mgrctl-0.1.28-1.16.1.x86_64", "SUSE Manager Client Tools 12:mgrctl-bash-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:mgrctl-zsh-completion-0.1.28-1.16.1.noarch", "SUSE Manager Client Tools 12:spacecmd-5.0.11-38.153.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-salt-1.2.3-6.25.1.noarch", "SUSE Manager Client Tools 12:supportutils-plugin-susemanager-client-5.0.4-6.33.1.noarch", ], }, ], threats: [ { category: "impact", date: "2025-02-14T07:16:36Z", details: "moderate", }, ], title: "CVE-2024-8118", }, ], }
opensuse-su-2024:14517-1
Vulnerability from csaf_opensuse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "traefik2-2.11.14-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the traefik2-2.11.14-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-14517", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14517-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2024:14517-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/K5YH6ZA2JQ3Z35FVNJRKHS4UMH5RMAUJ/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2024:14517-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/K5YH6ZA2JQ3Z35FVNJRKHS4UMH5RMAUJ/", }, { category: "self", summary: "SUSE CVE CVE-2024-51744 page", url: "https://www.suse.com/security/cve/CVE-2024-51744/", }, ], title: "traefik2-2.11.14-1.1 on GA media", tracking: { current_release_date: "2024-11-21T00:00:00Z", generator: { date: "2024-11-21T00:00:00Z", engine: { name: 
"cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:14517-1", initial_release_date: "2024-11-21T00:00:00Z", revision_history: [ { date: "2024-11-21T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "traefik2-2.11.14-1.1.aarch64", product: { name: "traefik2-2.11.14-1.1.aarch64", product_id: "traefik2-2.11.14-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "traefik2-2.11.14-1.1.ppc64le", product: { name: "traefik2-2.11.14-1.1.ppc64le", product_id: "traefik2-2.11.14-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "traefik2-2.11.14-1.1.s390x", product: { name: "traefik2-2.11.14-1.1.s390x", product_id: "traefik2-2.11.14-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "traefik2-2.11.14-1.1.x86_64", product: { name: "traefik2-2.11.14-1.1.x86_64", product_id: "traefik2-2.11.14-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "traefik2-2.11.14-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:traefik2-2.11.14-1.1.aarch64", }, product_reference: "traefik2-2.11.14-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "traefik2-2.11.14-1.1.ppc64le as component of openSUSE 
Tumbleweed", product_id: "openSUSE Tumbleweed:traefik2-2.11.14-1.1.ppc64le", }, product_reference: "traefik2-2.11.14-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "traefik2-2.11.14-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:traefik2-2.11.14-1.1.s390x", }, product_reference: "traefik2-2.11.14-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "traefik2-2.11.14-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:traefik2-2.11.14-1.1.x86_64", }, product_reference: "traefik2-2.11.14-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2024-51744", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-51744", }, ], notes: [ { category: "general", text: "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. 
We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:traefik2-2.11.14-1.1.aarch64", "openSUSE Tumbleweed:traefik2-2.11.14-1.1.ppc64le", "openSUSE Tumbleweed:traefik2-2.11.14-1.1.s390x", "openSUSE Tumbleweed:traefik2-2.11.14-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-51744", url: "https://www.suse.com/security/cve/CVE-2024-51744", }, { category: "external", summary: "SUSE Bug 1232936 for CVE-2024-51744", url: "https://bugzilla.suse.com/1232936", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:traefik2-2.11.14-1.1.aarch64", "openSUSE Tumbleweed:traefik2-2.11.14-1.1.ppc64le", "openSUSE Tumbleweed:traefik2-2.11.14-1.1.s390x", "openSUSE Tumbleweed:traefik2-2.11.14-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:traefik2-2.11.14-1.1.aarch64", "openSUSE Tumbleweed:traefik2-2.11.14-1.1.ppc64le", "openSUSE Tumbleweed:traefik2-2.11.14-1.1.s390x", "openSUSE Tumbleweed:traefik2-2.11.14-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-11-21T00:00:00Z", details: "low", }, ], title: "CVE-2024-51744", }, ], }
opensuse-su-2025:14840-1
Vulnerability from csaf_opensuse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "trivy-0.59.1-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the trivy-0.59.1-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2025-14840", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14840-1.json", }, { category: "self", summary: "SUSE CVE CVE-2024-51744 page", url: "https://www.suse.com/security/cve/CVE-2024-51744/", }, { category: "self", summary: "SUSE CVE CVE-2025-27144 page", url: "https://www.suse.com/security/cve/CVE-2025-27144/", }, ], title: "trivy-0.59.1-1.1 on GA media", tracking: { current_release_date: "2025-02-26T00:00:00Z", generator: { date: "2025-02-26T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2025:14840-1", initial_release_date: "2025-02-26T00:00:00Z", revision_history: [ { date: "2025-02-26T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { 
branches: [ { branches: [ { branches: [ { category: "product_version", name: "trivy-0.59.1-1.1.aarch64", product: { name: "trivy-0.59.1-1.1.aarch64", product_id: "trivy-0.59.1-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "trivy-0.59.1-1.1.ppc64le", product: { name: "trivy-0.59.1-1.1.ppc64le", product_id: "trivy-0.59.1-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "trivy-0.59.1-1.1.s390x", product: { name: "trivy-0.59.1-1.1.s390x", product_id: "trivy-0.59.1-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "trivy-0.59.1-1.1.x86_64", product: { name: "trivy-0.59.1-1.1.x86_64", product_id: "trivy-0.59.1-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "trivy-0.59.1-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:trivy-0.59.1-1.1.aarch64", }, product_reference: "trivy-0.59.1-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "trivy-0.59.1-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:trivy-0.59.1-1.1.ppc64le", }, product_reference: "trivy-0.59.1-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "trivy-0.59.1-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE 
Tumbleweed:trivy-0.59.1-1.1.s390x", }, product_reference: "trivy-0.59.1-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "trivy-0.59.1-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:trivy-0.59.1-1.1.x86_64", }, product_reference: "trivy-0.59.1-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2024-51744", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-51744", }, ], notes: [ { category: "general", text: "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. 
In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:trivy-0.59.1-1.1.aarch64", "openSUSE Tumbleweed:trivy-0.59.1-1.1.ppc64le", "openSUSE Tumbleweed:trivy-0.59.1-1.1.s390x", "openSUSE Tumbleweed:trivy-0.59.1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-51744", url: "https://www.suse.com/security/cve/CVE-2024-51744", }, { category: "external", summary: "SUSE Bug 1232936 for CVE-2024-51744", url: "https://bugzilla.suse.com/1232936", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:trivy-0.59.1-1.1.aarch64", "openSUSE Tumbleweed:trivy-0.59.1-1.1.ppc64le", "openSUSE Tumbleweed:trivy-0.59.1-1.1.s390x", "openSUSE Tumbleweed:trivy-0.59.1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:trivy-0.59.1-1.1.aarch64", "openSUSE Tumbleweed:trivy-0.59.1-1.1.ppc64le", "openSUSE Tumbleweed:trivy-0.59.1-1.1.s390x", "openSUSE Tumbleweed:trivy-0.59.1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-26T00:00:00Z", details: "low", }, ], title: "CVE-2024-51744", }, { cve: "CVE-2025-27144", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-27144", }, ], notes: [ { category: "general", text: "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. 
In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:trivy-0.59.1-1.1.aarch64", "openSUSE Tumbleweed:trivy-0.59.1-1.1.ppc64le", "openSUSE Tumbleweed:trivy-0.59.1-1.1.s390x", "openSUSE Tumbleweed:trivy-0.59.1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-27144", url: "https://www.suse.com/security/cve/CVE-2025-27144", }, { category: "external", summary: "SUSE Bug 1237608 for CVE-2025-27144", url: "https://bugzilla.suse.com/1237608", }, { category: "external", summary: "SUSE Bug 1237609 for CVE-2025-27144", url: "https://bugzilla.suse.com/1237609", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:trivy-0.59.1-1.1.aarch64", "openSUSE Tumbleweed:trivy-0.59.1-1.1.ppc64le", "openSUSE Tumbleweed:trivy-0.59.1-1.1.s390x", "openSUSE Tumbleweed:trivy-0.59.1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:trivy-0.59.1-1.1.aarch64", "openSUSE Tumbleweed:trivy-0.59.1-1.1.ppc64le", "openSUSE Tumbleweed:trivy-0.59.1-1.1.s390x", "openSUSE Tumbleweed:trivy-0.59.1-1.1.x86_64", ], }, ], threats: [ 
{ category: "impact", date: "2025-02-26T00:00:00Z", details: "important", }, ], title: "CVE-2025-27144", }, ], }
opensuse-su-2024:14484-1
Vulnerability from csaf_opensuse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "govulncheck-vulndb-0.0.20241112T145010-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the govulncheck-vulndb-0.0.20241112T145010-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-14484", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14484-1.json", }, { category: "self", summary: "SUSE CVE CVE-2024-51744 page", url: "https://www.suse.com/security/cve/CVE-2024-51744/", }, ], title: "govulncheck-vulndb-0.0.20241112T145010-1.1 on GA media", tracking: { current_release_date: "2024-11-12T00:00:00Z", generator: { date: "2024-11-12T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:14484-1", initial_release_date: "2024-11-12T00:00:00Z", revision_history: [ { date: "2024-11-12T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { 
category: "product_version", name: "govulncheck-vulndb-0.0.20241112T145010-1.1.aarch64", product: { name: "govulncheck-vulndb-0.0.20241112T145010-1.1.aarch64", product_id: "govulncheck-vulndb-0.0.20241112T145010-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "govulncheck-vulndb-0.0.20241112T145010-1.1.ppc64le", product: { name: "govulncheck-vulndb-0.0.20241112T145010-1.1.ppc64le", product_id: "govulncheck-vulndb-0.0.20241112T145010-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "govulncheck-vulndb-0.0.20241112T145010-1.1.s390x", product: { name: "govulncheck-vulndb-0.0.20241112T145010-1.1.s390x", product_id: "govulncheck-vulndb-0.0.20241112T145010-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "govulncheck-vulndb-0.0.20241112T145010-1.1.x86_64", product: { name: "govulncheck-vulndb-0.0.20241112T145010-1.1.x86_64", product_id: "govulncheck-vulndb-0.0.20241112T145010-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "govulncheck-vulndb-0.0.20241112T145010-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241112T145010-1.1.aarch64", }, product_reference: "govulncheck-vulndb-0.0.20241112T145010-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "govulncheck-vulndb-0.0.20241112T145010-1.1.ppc64le as 
component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241112T145010-1.1.ppc64le", }, product_reference: "govulncheck-vulndb-0.0.20241112T145010-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "govulncheck-vulndb-0.0.20241112T145010-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241112T145010-1.1.s390x", }, product_reference: "govulncheck-vulndb-0.0.20241112T145010-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "govulncheck-vulndb-0.0.20241112T145010-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241112T145010-1.1.x86_64", }, product_reference: "govulncheck-vulndb-0.0.20241112T145010-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2024-51744", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-51744", }, ], notes: [ { category: "general", text: "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. 
In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241112T145010-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241112T145010-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241112T145010-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241112T145010-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-51744", url: "https://www.suse.com/security/cve/CVE-2024-51744", }, { category: "external", summary: "SUSE Bug 1232936 for CVE-2024-51744", url: "https://bugzilla.suse.com/1232936", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241112T145010-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241112T145010-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241112T145010-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241112T145010-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE 
Tumbleweed:govulncheck-vulndb-0.0.20241112T145010-1.1.aarch64", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241112T145010-1.1.ppc64le", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241112T145010-1.1.s390x", "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20241112T145010-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-11-12T00:00:00Z", details: "low", }, ], title: "CVE-2024-51744", }, ], }
opensuse-su-2025:14663-1
Vulnerability from csaf_opensuse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "velociraptor-0.7.0.4.git142.862ef23-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the velociraptor-0.7.0.4.git142.862ef23-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2025-14663", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14663-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2025:14663-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IL7QOYRPFRGRS6UKU6ZYHI76FWFFUJNK/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2025:14663-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IL7QOYRPFRGRS6UKU6ZYHI76FWFFUJNK/", }, { category: "self", summary: "SUSE CVE CVE-2023-1732 page", url: "https://www.suse.com/security/cve/CVE-2023-1732/", }, { category: "self", summary: "SUSE CVE CVE-2023-44270 page", url: "https://www.suse.com/security/cve/CVE-2023-44270/", }, { 
category: "self", summary: "SUSE CVE CVE-2023-45133 page", url: "https://www.suse.com/security/cve/CVE-2023-45133/", }, { category: "self", summary: "SUSE CVE CVE-2023-45683 page", url: "https://www.suse.com/security/cve/CVE-2023-45683/", }, { category: "self", summary: "SUSE CVE CVE-2023-46234 page", url: "https://www.suse.com/security/cve/CVE-2023-46234/", }, { category: "self", summary: "SUSE CVE CVE-2024-21538 page", url: "https://www.suse.com/security/cve/CVE-2024-21538/", }, { category: "self", summary: "SUSE CVE CVE-2024-23331 page", url: "https://www.suse.com/security/cve/CVE-2024-23331/", }, { category: "self", summary: "SUSE CVE CVE-2024-24786 page", url: "https://www.suse.com/security/cve/CVE-2024-24786/", }, { category: "self", summary: "SUSE CVE CVE-2024-28180 page", url: "https://www.suse.com/security/cve/CVE-2024-28180/", }, { category: "self", summary: "SUSE CVE CVE-2024-31207 page", url: "https://www.suse.com/security/cve/CVE-2024-31207/", }, { category: "self", summary: "SUSE CVE CVE-2024-37298 page", url: "https://www.suse.com/security/cve/CVE-2024-37298/", }, { category: "self", summary: "SUSE CVE CVE-2024-4067 page", url: "https://www.suse.com/security/cve/CVE-2024-4067/", }, { category: "self", summary: "SUSE CVE CVE-2024-4068 page", url: "https://www.suse.com/security/cve/CVE-2024-4068/", }, { category: "self", summary: "SUSE CVE CVE-2024-42459 page", url: "https://www.suse.com/security/cve/CVE-2024-42459/", }, { category: "self", summary: "SUSE CVE CVE-2024-42460 page", url: "https://www.suse.com/security/cve/CVE-2024-42460/", }, { category: "self", summary: "SUSE CVE CVE-2024-42461 page", url: "https://www.suse.com/security/cve/CVE-2024-42461/", }, { category: "self", summary: "SUSE CVE CVE-2024-45296 page", url: "https://www.suse.com/security/cve/CVE-2024-45296/", }, { category: "self", summary: "SUSE CVE CVE-2024-45338 page", url: "https://www.suse.com/security/cve/CVE-2024-45338/", }, { category: "self", summary: "SUSE CVE CVE-2024-45811 
page", url: "https://www.suse.com/security/cve/CVE-2024-45811/", }, { category: "self", summary: "SUSE CVE CVE-2024-45812 page", url: "https://www.suse.com/security/cve/CVE-2024-45812/", }, { category: "self", summary: "SUSE CVE CVE-2024-47068 page", url: "https://www.suse.com/security/cve/CVE-2024-47068/", }, { category: "self", summary: "SUSE CVE CVE-2024-47875 page", url: "https://www.suse.com/security/cve/CVE-2024-47875/", }, { category: "self", summary: "SUSE CVE CVE-2024-48948 page", url: "https://www.suse.com/security/cve/CVE-2024-48948/", }, { category: "self", summary: "SUSE CVE CVE-2024-48949 page", url: "https://www.suse.com/security/cve/CVE-2024-48949/", }, { category: "self", summary: "SUSE CVE CVE-2024-51744 page", url: "https://www.suse.com/security/cve/CVE-2024-51744/", }, { category: "self", summary: "SUSE CVE CVE-2024-55565 page", url: "https://www.suse.com/security/cve/CVE-2024-55565/", }, { category: "self", summary: "SUSE CVE CVE-2024-6104 page", url: "https://www.suse.com/security/cve/CVE-2024-6104/", }, ], title: "velociraptor-0.7.0.4.git142.862ef23-1.1 on GA media", tracking: { current_release_date: "2025-01-17T00:00:00Z", generator: { date: "2025-01-17T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2025:14663-1", initial_release_date: "2025-01-17T00:00:00Z", revision_history: [ { date: "2025-01-17T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", product: { name: "velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", product_id: "velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", product: { name: "velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", 
product_id: "velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", product: { name: "velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", product_id: "velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", product: { name: "velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", product_id: "velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", }, product_reference: "velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", }, product_reference: "velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "velociraptor-0.7.0.4.git142.862ef23-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", }, 
product_reference: "velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", }, product_reference: "velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2023-1732", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-1732", }, ], notes: [ { category: "general", text: "When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. 
In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.\n\n", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-1732", url: "https://www.suse.com/security/cve/CVE-2023-1732", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "important", }, ], title: "CVE-2023-1732", }, { cve: "CVE-2023-44270", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-44270", }, ], notes: [ { category: "general", text: "An issue was discovered in PostCSS before 8.4.31. 
The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-44270", url: "https://www.suse.com/security/cve/CVE-2023-44270", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "moderate", }, ], title: "CVE-2023-44270", }, { cve: "CVE-2023-45133", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-45133", }, ], notes: [ 
{ category: "general", text: "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. 
Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-45133", url: "https://www.suse.com/security/cve/CVE-2023-45133", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.3, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", 
details: "critical", }, ], title: "CVE-2023-45133", }, { cve: "CVE-2023-45683", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-45683", }, ], notes: [ { category: "general", text: "github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP context during the redirection at the end of a SAML SSO Flow. Consequently, an attacker may perform any authenticated action as the victim once the victim's browser loaded the SAML IdP initiated SSO link for the malicious service provider. Note: SP registration is commonly an unrestricted operation in IdPs, hence not requiring particular permissions or publicly accessible to ease the IdP interoperability. This issue is fixed in version 0.4.14. 
Users unable to upgrade may perform external validation of URLs provided in SAML metadata, or restrict the ability for end-users to upload arbitrary metadata.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-45683", url: "https://www.suse.com/security/cve/CVE-2023-45683", }, { category: "external", summary: "SUSE Bug 1216308 for CVE-2023-45683", url: "https://bugzilla.suse.com/1216308", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "important", }, ], title: "CVE-2023-45683", }, { cve: "CVE-2023-46234", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-46234", }, ], notes: [ { category: "general", text: "browserify-sign is a 
package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.\n", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-46234", url: "https://www.suse.com/security/cve/CVE-2023-46234", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: 
"important", }, ], title: "CVE-2023-46234", }, { cve: "CVE-2024-21538", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21538", }, ], notes: [ { category: "general", text: "Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21538", url: "https://www.suse.com/security/cve/CVE-2024-21538", }, { category: "external", summary: "SUSE Bug 1233843 for CVE-2024-21538", url: "https://bugzilla.suse.com/1233843", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", 
], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-21538", }, { cve: "CVE-2024-23331", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-23331", }, ], notes: [ { category: "general", text: "Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn't discriminate; a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. 
Users unable to upgrade should restrict access to dev servers.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-23331", url: "https://www.suse.com/security/cve/CVE-2024-23331", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "important", }, ], title: "CVE-2024-23331", }, { cve: "CVE-2024-24786", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-24786", }, ], notes: [ { category: "general", text: "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. 
This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-24786", url: "https://www.suse.com/security/cve/CVE-2024-24786", }, { category: "external", summary: "SUSE Bug 1226136 for CVE-2024-24786", url: "https://bugzilla.suse.com/1226136", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "important", }, ], title: "CVE-2024-24786", }, { cve: "CVE-2024-28180", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-28180", }, ], notes: [ { category: "general", text: "Package jose aims to 
provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.\n", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-28180", url: "https://www.suse.com/security/cve/CVE-2024-28180", }, { category: "external", summary: "SUSE Bug 1234984 for CVE-2024-28180", url: "https://bugzilla.suse.com/1234984", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: 
"impact", date: "2025-01-17T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-28180", }, { cve: "CVE-2024-31207", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-31207", }, ], notes: [ { category: "general", text: "Vite (French word for \"quick\", pronounced /vit/, like \"veet\") is a frontend build tooling to improve the frontend development experience.`server.fs.deny` does not deny requests for patterns with directories. This vulnerability has been patched in version(s) 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.18.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-31207", url: "https://www.suse.com/security/cve/CVE-2024-31207", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-31207", }, { cve: "CVE-2024-37298", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-37298", }, ], notes: [ { category: "general", text: "gorilla/schema converts structs to and from form values. 
Prior to version 1.4.1 Running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of `schema.Decoder.Decode()` on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. Version 1.4.1 contains a patch for the issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-37298", url: "https://www.suse.com/security/cve/CVE-2024-37298", }, { category: "external", summary: "SUSE Bug 1227309 for CVE-2024-37298", url: "https://bugzilla.suse.com/1227309", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "important", }, ], title: "CVE-2024-37298", }, { cve: "CVE-2024-4067", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-4067", }, ], notes: [ { category: "general", text: "The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). 
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-4067", url: "https://www.suse.com/security/cve/CVE-2024-4067", }, { category: "external", summary: "SUSE Bug 1224255 for CVE-2024-4067", url: "https://bugzilla.suse.com/1224255", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", 
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "important", }, ], title: "CVE-2024-4067", }, { cve: "CVE-2024-4068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-4068", }, ], notes: [ { category: "general", text: "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-4068", url: "https://www.suse.com/security/cve/CVE-2024-4068", }, { category: "external", summary: "SUSE Bug 1224256 for CVE-2024-4068", url: "https://bugzilla.suse.com/1224256", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, 
baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "important", }, ], title: "CVE-2024-4068", }, { cve: "CVE-2024-42459", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-42459", }, ], notes: [ { category: "general", text: "In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-42459", url: "https://www.suse.com/security/cve/CVE-2024-42459", }, { category: "external", summary: "SUSE Bug 1232538 for CVE-2024-42459", url: "https://bugzilla.suse.com/1232538", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 
5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-42459", }, { cve: "CVE-2024-42460", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-42460", }, ], notes: [ { category: "general", text: "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-42460", url: "https://www.suse.com/security/cve/CVE-2024-42460", }, { category: "external", summary: "SUSE Bug 1232538 for CVE-2024-42460", url: "https://bugzilla.suse.com/1232538", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: 
"MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-42460", }, { cve: "CVE-2024-42461", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-42461", }, ], notes: [ { category: "general", text: "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-42461", url: "https://www.suse.com/security/cve/CVE-2024-42461", }, { category: "external", summary: "SUSE Bug 1232538 for CVE-2024-42461", url: "https://bugzilla.suse.com/1232538", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-42461", }, { cve: "CVE-2024-45296", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-45296", }, ], notes: [ { category: "general", text: "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. 
All other users should upgrade to 8.0.0.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-45296", url: "https://www.suse.com/security/cve/CVE-2024-45296", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "important", }, ], title: "CVE-2024-45296", }, { cve: "CVE-2024-45338", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-45338", }, ], notes: [ { category: "general", text: "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. 
This could cause a denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-45338", url: "https://www.suse.com/security/cve/CVE-2024-45338", }, { category: "external", summary: "SUSE Bug 1234794 for CVE-2024-45338", url: "https://bugzilla.suse.com/1234794", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "important", }, ], title: "CVE-2024-45338", }, { cve: "CVE-2024-45811", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-45811", }, ], notes: [ { category: "general", text: "Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. 
`@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-45811", url: "https://www.suse.com/security/cve/CVE-2024-45811", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-45811", }, { cve: "CVE-2024-45812", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-45812", }, ], notes: [ { category: "general", text: "Vite a frontend build tooling framework for javascript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability when building scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present. 
DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. We have identified a DOM Clobbering vulnerability in Vite bundled scripts, particularly when the scripts dynamically import other scripts from the assets folder and the developer sets the build output format to `cjs`, `iife`, or `umd`. In such cases, Vite replaces relative paths starting with `__VITE_ASSET__` using the URL retrieved from `document.currentScript`. However, this implementation is vulnerable to a DOM Clobbering attack. The `document.currentScript` lookup can be shadowed by an attacker via the browser's named DOM tree element access mechanism. This manipulation allows an attacker to replace the intended script element with a malicious HTML element. When this happens, the src attribute of the attacker-controlled element is used as the URL for importing scripts, potentially leading to the dynamic loading of scripts from an attacker-controlled server. This vulnerability can result in cross-site scripting (XSS) attacks on websites that include Vite-bundled files (configured with an output format of `cjs`, `iife`, or `umd`) and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-45812", url: "https://www.suse.com/security/cve/CVE-2024-45812", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-45812", }, { cve: "CVE-2024-47068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-47068", }, ], notes: [ { category: "general", text: "Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. 
Versions 2.79.2, 3.29.5, and 4.22.4 contain a patch for the vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-47068", url: "https://www.suse.com/security/cve/CVE-2024-47068", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-47068", }, { cve: "CVE-2024-47875", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-47875", }, ], notes: [ { category: "general", text: "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. 
This vulnerability is fixed in 2.5.0 and 3.1.3.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-47875", url: "https://www.suse.com/security/cve/CVE-2024-47875", }, { category: "external", summary: "SUSE Bug 1231571 for CVE-2024-47875", url: "https://bugzilla.suse.com/1231571", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "important", }, ], title: "CVE-2024-47875", }, { cve: "CVE-2024-48948", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-48948", }, ], notes: [ { category: "general", text: "The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash 
contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to valid signatures being rejected. Legitimate transactions or communications may be incorrectly flagged as invalid.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-48948", url: "https://www.suse.com/security/cve/CVE-2024-48948", }, { category: "external", summary: "SUSE Bug 1231681 for CVE-2024-48948", url: "https://bugzilla.suse.com/1231681", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-48948", }, { cve: "CVE-2024-48949", ids: [ { system_name: "SUSE CVE Page", 
text: "https://www.suse.com/security/cve/CVE-2024-48949", }, ], notes: [ { category: "general", text: "The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits \"sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()\" validation.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-48949", url: "https://www.suse.com/security/cve/CVE-2024-48949", }, { category: "external", summary: "SUSE Bug 1231557 for CVE-2024-48949", url: "https://bugzilla.suse.com/1231557", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "important", }, ], title: "CVE-2024-48949", }, { cve: "CVE-2024-51744", ids: [ { system_name: "SUSE CVE Page", text: 
"https://www.suse.com/security/cve/CVE-2024-51744", }, ], notes: [ { category: "general", text: "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. 
In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-51744", url: "https://www.suse.com/security/cve/CVE-2024-51744", }, { category: "external", summary: "SUSE Bug 1232936 for CVE-2024-51744", url: "https://bugzilla.suse.com/1232936", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "low", }, ], title: "CVE-2024-51744", }, { cve: "CVE-2024-55565", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-55565", }, ], notes: [ { category: "general", text: 
"nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-55565", url: "https://www.suse.com/security/cve/CVE-2024-55565", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-55565", }, { cve: "CVE-2024-6104", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-6104", }, ], notes: [ { category: "general", text: "go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. 
This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-6104", url: "https://www.suse.com/security/cve/CVE-2024-6104", }, { category: "external", summary: "SUSE Bug 1227024 for CVE-2024-6104", url: "https://bugzilla.suse.com/1227024", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.aarch64", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.ppc64le", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.s390x", "openSUSE Tumbleweed:velociraptor-0.7.0.4.git142.862ef23-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-01-17T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-6104", }, ], }
opensuse-su-2024:14495-1
Vulnerability from csaf_opensuse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "rclone-1.68.1-2.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the rclone-1.68.1-2.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-14495", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14495-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2024:14495-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Z2Z4KRNR3L2CXM6VPBBBFXIJ2NM4JPWE/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2024:14495-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Z2Z4KRNR3L2CXM6VPBBBFXIJ2NM4JPWE/", }, { category: "self", summary: "SUSE CVE CVE-2024-51744 page", url: "https://www.suse.com/security/cve/CVE-2024-51744/", }, ], title: "rclone-1.68.1-2.1 on GA media", tracking: { current_release_date: "2024-11-14T00:00:00Z", generator: { date: "2024-11-14T00:00:00Z", engine: { name: 
"cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:14495-1", initial_release_date: "2024-11-14T00:00:00Z", revision_history: [ { date: "2024-11-14T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "rclone-1.68.1-2.1.aarch64", product: { name: "rclone-1.68.1-2.1.aarch64", product_id: "rclone-1.68.1-2.1.aarch64", }, }, { category: "product_version", name: "rclone-bash-completion-1.68.1-2.1.aarch64", product: { name: "rclone-bash-completion-1.68.1-2.1.aarch64", product_id: "rclone-bash-completion-1.68.1-2.1.aarch64", }, }, { category: "product_version", name: "rclone-zsh-completion-1.68.1-2.1.aarch64", product: { name: "rclone-zsh-completion-1.68.1-2.1.aarch64", product_id: "rclone-zsh-completion-1.68.1-2.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "rclone-1.68.1-2.1.ppc64le", product: { name: "rclone-1.68.1-2.1.ppc64le", product_id: "rclone-1.68.1-2.1.ppc64le", }, }, { category: "product_version", name: "rclone-bash-completion-1.68.1-2.1.ppc64le", product: { name: "rclone-bash-completion-1.68.1-2.1.ppc64le", product_id: "rclone-bash-completion-1.68.1-2.1.ppc64le", }, }, { category: "product_version", name: "rclone-zsh-completion-1.68.1-2.1.ppc64le", product: { name: "rclone-zsh-completion-1.68.1-2.1.ppc64le", product_id: "rclone-zsh-completion-1.68.1-2.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "rclone-1.68.1-2.1.s390x", product: { name: "rclone-1.68.1-2.1.s390x", product_id: "rclone-1.68.1-2.1.s390x", }, }, { category: "product_version", name: "rclone-bash-completion-1.68.1-2.1.s390x", product: { name: "rclone-bash-completion-1.68.1-2.1.s390x", product_id: "rclone-bash-completion-1.68.1-2.1.s390x", }, }, { category: "product_version", name: 
"rclone-zsh-completion-1.68.1-2.1.s390x", product: { name: "rclone-zsh-completion-1.68.1-2.1.s390x", product_id: "rclone-zsh-completion-1.68.1-2.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "rclone-1.68.1-2.1.x86_64", product: { name: "rclone-1.68.1-2.1.x86_64", product_id: "rclone-1.68.1-2.1.x86_64", }, }, { category: "product_version", name: "rclone-bash-completion-1.68.1-2.1.x86_64", product: { name: "rclone-bash-completion-1.68.1-2.1.x86_64", product_id: "rclone-bash-completion-1.68.1-2.1.x86_64", }, }, { category: "product_version", name: "rclone-zsh-completion-1.68.1-2.1.x86_64", product: { name: "rclone-zsh-completion-1.68.1-2.1.x86_64", product_id: "rclone-zsh-completion-1.68.1-2.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rclone-1.68.1-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rclone-1.68.1-2.1.aarch64", }, product_reference: "rclone-1.68.1-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rclone-1.68.1-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rclone-1.68.1-2.1.ppc64le", }, product_reference: "rclone-1.68.1-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rclone-1.68.1-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rclone-1.68.1-2.1.s390x", }, product_reference: 
"rclone-1.68.1-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rclone-1.68.1-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rclone-1.68.1-2.1.x86_64", }, product_reference: "rclone-1.68.1-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rclone-bash-completion-1.68.1-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rclone-bash-completion-1.68.1-2.1.aarch64", }, product_reference: "rclone-bash-completion-1.68.1-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rclone-bash-completion-1.68.1-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rclone-bash-completion-1.68.1-2.1.ppc64le", }, product_reference: "rclone-bash-completion-1.68.1-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rclone-bash-completion-1.68.1-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rclone-bash-completion-1.68.1-2.1.s390x", }, product_reference: "rclone-bash-completion-1.68.1-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rclone-bash-completion-1.68.1-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rclone-bash-completion-1.68.1-2.1.x86_64", }, product_reference: "rclone-bash-completion-1.68.1-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rclone-zsh-completion-1.68.1-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rclone-zsh-completion-1.68.1-2.1.aarch64", }, product_reference: 
"rclone-zsh-completion-1.68.1-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rclone-zsh-completion-1.68.1-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rclone-zsh-completion-1.68.1-2.1.ppc64le", }, product_reference: "rclone-zsh-completion-1.68.1-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rclone-zsh-completion-1.68.1-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rclone-zsh-completion-1.68.1-2.1.s390x", }, product_reference: "rclone-zsh-completion-1.68.1-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "rclone-zsh-completion-1.68.1-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:rclone-zsh-completion-1.68.1-2.1.x86_64", }, product_reference: "rclone-zsh-completion-1.68.1-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2024-51744", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-51744", }, ], notes: [ { category: "general", text: "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. 
In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:rclone-1.68.1-2.1.aarch64", "openSUSE Tumbleweed:rclone-1.68.1-2.1.ppc64le", "openSUSE Tumbleweed:rclone-1.68.1-2.1.s390x", "openSUSE Tumbleweed:rclone-1.68.1-2.1.x86_64", "openSUSE Tumbleweed:rclone-bash-completion-1.68.1-2.1.aarch64", "openSUSE Tumbleweed:rclone-bash-completion-1.68.1-2.1.ppc64le", "openSUSE Tumbleweed:rclone-bash-completion-1.68.1-2.1.s390x", "openSUSE Tumbleweed:rclone-bash-completion-1.68.1-2.1.x86_64", "openSUSE Tumbleweed:rclone-zsh-completion-1.68.1-2.1.aarch64", "openSUSE Tumbleweed:rclone-zsh-completion-1.68.1-2.1.ppc64le", "openSUSE Tumbleweed:rclone-zsh-completion-1.68.1-2.1.s390x", "openSUSE Tumbleweed:rclone-zsh-completion-1.68.1-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-51744", url: "https://www.suse.com/security/cve/CVE-2024-51744", }, { category: "external", summary: "SUSE Bug 1232936 for CVE-2024-51744", url: "https://bugzilla.suse.com/1232936", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:rclone-1.68.1-2.1.aarch64", "openSUSE 
Tumbleweed:rclone-1.68.1-2.1.ppc64le", "openSUSE Tumbleweed:rclone-1.68.1-2.1.s390x", "openSUSE Tumbleweed:rclone-1.68.1-2.1.x86_64", "openSUSE Tumbleweed:rclone-bash-completion-1.68.1-2.1.aarch64", "openSUSE Tumbleweed:rclone-bash-completion-1.68.1-2.1.ppc64le", "openSUSE Tumbleweed:rclone-bash-completion-1.68.1-2.1.s390x", "openSUSE Tumbleweed:rclone-bash-completion-1.68.1-2.1.x86_64", "openSUSE Tumbleweed:rclone-zsh-completion-1.68.1-2.1.aarch64", "openSUSE Tumbleweed:rclone-zsh-completion-1.68.1-2.1.ppc64le", "openSUSE Tumbleweed:rclone-zsh-completion-1.68.1-2.1.s390x", "openSUSE Tumbleweed:rclone-zsh-completion-1.68.1-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:rclone-1.68.1-2.1.aarch64", "openSUSE Tumbleweed:rclone-1.68.1-2.1.ppc64le", "openSUSE Tumbleweed:rclone-1.68.1-2.1.s390x", "openSUSE Tumbleweed:rclone-1.68.1-2.1.x86_64", "openSUSE Tumbleweed:rclone-bash-completion-1.68.1-2.1.aarch64", "openSUSE Tumbleweed:rclone-bash-completion-1.68.1-2.1.ppc64le", "openSUSE Tumbleweed:rclone-bash-completion-1.68.1-2.1.s390x", "openSUSE Tumbleweed:rclone-bash-completion-1.68.1-2.1.x86_64", "openSUSE Tumbleweed:rclone-zsh-completion-1.68.1-2.1.aarch64", "openSUSE Tumbleweed:rclone-zsh-completion-1.68.1-2.1.ppc64le", "openSUSE Tumbleweed:rclone-zsh-completion-1.68.1-2.1.s390x", "openSUSE Tumbleweed:rclone-zsh-completion-1.68.1-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-11-14T00:00:00Z", details: "low", }, ], title: "CVE-2024-51744", }, ], }
opensuse-su-2024:14481-1
Vulnerability from csaf_opensuse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "coredns-1.11.3+git129.387f34d-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the coredns-1.11.3+git129.387f34d-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-14481", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14481-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2024:14481-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FRQMZTGDFOBRPKL5LYFU2R55SK6DBIPC/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2024:14481-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FRQMZTGDFOBRPKL5LYFU2R55SK6DBIPC/", }, { category: "self", summary: "SUSE CVE CVE-2024-51744 page", url: "https://www.suse.com/security/cve/CVE-2024-51744/", }, ], title: "coredns-1.11.3+git129.387f34d-1.1 on GA media", tracking: { current_release_date: "2024-11-09T00:00:00Z", generator: { date: 
"2024-11-09T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:14481-1", initial_release_date: "2024-11-09T00:00:00Z", revision_history: [ { date: "2024-11-09T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "coredns-1.11.3+git129.387f34d-1.1.aarch64", product: { name: "coredns-1.11.3+git129.387f34d-1.1.aarch64", product_id: "coredns-1.11.3+git129.387f34d-1.1.aarch64", }, }, { category: "product_version", name: "coredns-extras-1.11.3+git129.387f34d-1.1.aarch64", product: { name: "coredns-extras-1.11.3+git129.387f34d-1.1.aarch64", product_id: "coredns-extras-1.11.3+git129.387f34d-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "coredns-1.11.3+git129.387f34d-1.1.ppc64le", product: { name: "coredns-1.11.3+git129.387f34d-1.1.ppc64le", product_id: "coredns-1.11.3+git129.387f34d-1.1.ppc64le", }, }, { category: "product_version", name: "coredns-extras-1.11.3+git129.387f34d-1.1.ppc64le", product: { name: "coredns-extras-1.11.3+git129.387f34d-1.1.ppc64le", product_id: "coredns-extras-1.11.3+git129.387f34d-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "coredns-1.11.3+git129.387f34d-1.1.s390x", product: { name: "coredns-1.11.3+git129.387f34d-1.1.s390x", product_id: "coredns-1.11.3+git129.387f34d-1.1.s390x", }, }, { category: "product_version", name: "coredns-extras-1.11.3+git129.387f34d-1.1.s390x", product: { name: "coredns-extras-1.11.3+git129.387f34d-1.1.s390x", product_id: "coredns-extras-1.11.3+git129.387f34d-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "coredns-1.11.3+git129.387f34d-1.1.x86_64", product: { name: "coredns-1.11.3+git129.387f34d-1.1.x86_64", 
product_id: "coredns-1.11.3+git129.387f34d-1.1.x86_64", }, }, { category: "product_version", name: "coredns-extras-1.11.3+git129.387f34d-1.1.x86_64", product: { name: "coredns-extras-1.11.3+git129.387f34d-1.1.x86_64", product_id: "coredns-extras-1.11.3+git129.387f34d-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "coredns-1.11.3+git129.387f34d-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:coredns-1.11.3+git129.387f34d-1.1.aarch64", }, product_reference: "coredns-1.11.3+git129.387f34d-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "coredns-1.11.3+git129.387f34d-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:coredns-1.11.3+git129.387f34d-1.1.ppc64le", }, product_reference: "coredns-1.11.3+git129.387f34d-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "coredns-1.11.3+git129.387f34d-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:coredns-1.11.3+git129.387f34d-1.1.s390x", }, product_reference: "coredns-1.11.3+git129.387f34d-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "coredns-1.11.3+git129.387f34d-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:coredns-1.11.3+git129.387f34d-1.1.x86_64", }, product_reference: "coredns-1.11.3+git129.387f34d-1.1.x86_64", 
relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "coredns-extras-1.11.3+git129.387f34d-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:coredns-extras-1.11.3+git129.387f34d-1.1.aarch64", }, product_reference: "coredns-extras-1.11.3+git129.387f34d-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "coredns-extras-1.11.3+git129.387f34d-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:coredns-extras-1.11.3+git129.387f34d-1.1.ppc64le", }, product_reference: "coredns-extras-1.11.3+git129.387f34d-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "coredns-extras-1.11.3+git129.387f34d-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:coredns-extras-1.11.3+git129.387f34d-1.1.s390x", }, product_reference: "coredns-extras-1.11.3+git129.387f34d-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "coredns-extras-1.11.3+git129.387f34d-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:coredns-extras-1.11.3+git129.387f34d-1.1.x86_64", }, product_reference: "coredns-extras-1.11.3+git129.387f34d-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2024-51744", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-51744", }, ], notes: [ { category: "general", text: "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. 
Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:coredns-1.11.3+git129.387f34d-1.1.aarch64", "openSUSE Tumbleweed:coredns-1.11.3+git129.387f34d-1.1.ppc64le", "openSUSE Tumbleweed:coredns-1.11.3+git129.387f34d-1.1.s390x", "openSUSE Tumbleweed:coredns-1.11.3+git129.387f34d-1.1.x86_64", "openSUSE Tumbleweed:coredns-extras-1.11.3+git129.387f34d-1.1.aarch64", "openSUSE Tumbleweed:coredns-extras-1.11.3+git129.387f34d-1.1.ppc64le", "openSUSE Tumbleweed:coredns-extras-1.11.3+git129.387f34d-1.1.s390x", "openSUSE Tumbleweed:coredns-extras-1.11.3+git129.387f34d-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-51744", url: "https://www.suse.com/security/cve/CVE-2024-51744", }, { category: "external", summary: "SUSE Bug 1232936 for CVE-2024-51744", url: "https://bugzilla.suse.com/1232936", }, ], remediations: [ { category: "vendor_fix", details: "To 
install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:coredns-1.11.3+git129.387f34d-1.1.aarch64", "openSUSE Tumbleweed:coredns-1.11.3+git129.387f34d-1.1.ppc64le", "openSUSE Tumbleweed:coredns-1.11.3+git129.387f34d-1.1.s390x", "openSUSE Tumbleweed:coredns-1.11.3+git129.387f34d-1.1.x86_64", "openSUSE Tumbleweed:coredns-extras-1.11.3+git129.387f34d-1.1.aarch64", "openSUSE Tumbleweed:coredns-extras-1.11.3+git129.387f34d-1.1.ppc64le", "openSUSE Tumbleweed:coredns-extras-1.11.3+git129.387f34d-1.1.s390x", "openSUSE Tumbleweed:coredns-extras-1.11.3+git129.387f34d-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:coredns-1.11.3+git129.387f34d-1.1.aarch64", "openSUSE Tumbleweed:coredns-1.11.3+git129.387f34d-1.1.ppc64le", "openSUSE Tumbleweed:coredns-1.11.3+git129.387f34d-1.1.s390x", "openSUSE Tumbleweed:coredns-1.11.3+git129.387f34d-1.1.x86_64", "openSUSE Tumbleweed:coredns-extras-1.11.3+git129.387f34d-1.1.aarch64", "openSUSE Tumbleweed:coredns-extras-1.11.3+git129.387f34d-1.1.ppc64le", "openSUSE Tumbleweed:coredns-extras-1.11.3+git129.387f34d-1.1.s390x", "openSUSE Tumbleweed:coredns-extras-1.11.3+git129.387f34d-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-11-09T00:00:00Z", details: "low", }, ], title: "CVE-2024-51744", }, ], }
opensuse-su-2024:14522-1
Vulnerability from csaf_opensuse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "traefik-3.2.1-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the traefik-3.2.1-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-14522", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14522-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2024:14522-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2VWEFHGRWATJW5MOESA3XEER2UJZLJOD/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2024:14522-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2VWEFHGRWATJW5MOESA3XEER2UJZLJOD/", }, { category: "self", summary: "SUSE CVE CVE-2024-51744 page", url: "https://www.suse.com/security/cve/CVE-2024-51744/", }, ], title: "traefik-3.2.1-1.1 on GA media", tracking: { current_release_date: "2024-11-23T00:00:00Z", generator: { date: "2024-11-23T00:00:00Z", engine: { name: 
"cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:14522-1", initial_release_date: "2024-11-23T00:00:00Z", revision_history: [ { date: "2024-11-23T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "traefik-3.2.1-1.1.aarch64", product: { name: "traefik-3.2.1-1.1.aarch64", product_id: "traefik-3.2.1-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "traefik-3.2.1-1.1.ppc64le", product: { name: "traefik-3.2.1-1.1.ppc64le", product_id: "traefik-3.2.1-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "traefik-3.2.1-1.1.s390x", product: { name: "traefik-3.2.1-1.1.s390x", product_id: "traefik-3.2.1-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "traefik-3.2.1-1.1.x86_64", product: { name: "traefik-3.2.1-1.1.x86_64", product_id: "traefik-3.2.1-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "traefik-3.2.1-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:traefik-3.2.1-1.1.aarch64", }, product_reference: "traefik-3.2.1-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "traefik-3.2.1-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE 
Tumbleweed:traefik-3.2.1-1.1.ppc64le", }, product_reference: "traefik-3.2.1-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "traefik-3.2.1-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:traefik-3.2.1-1.1.s390x", }, product_reference: "traefik-3.2.1-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "traefik-3.2.1-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:traefik-3.2.1-1.1.x86_64", }, product_reference: "traefik-3.2.1-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2024-51744", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-51744", }, ], notes: [ { category: "general", text: "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. 
We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:traefik-3.2.1-1.1.aarch64", "openSUSE Tumbleweed:traefik-3.2.1-1.1.ppc64le", "openSUSE Tumbleweed:traefik-3.2.1-1.1.s390x", "openSUSE Tumbleweed:traefik-3.2.1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-51744", url: "https://www.suse.com/security/cve/CVE-2024-51744", }, { category: "external", summary: "SUSE Bug 1232936 for CVE-2024-51744", url: "https://bugzilla.suse.com/1232936", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:traefik-3.2.1-1.1.aarch64", "openSUSE Tumbleweed:traefik-3.2.1-1.1.ppc64le", "openSUSE Tumbleweed:traefik-3.2.1-1.1.s390x", "openSUSE Tumbleweed:traefik-3.2.1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:traefik-3.2.1-1.1.aarch64", "openSUSE Tumbleweed:traefik-3.2.1-1.1.ppc64le", "openSUSE Tumbleweed:traefik-3.2.1-1.1.s390x", "openSUSE Tumbleweed:traefik-3.2.1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-11-23T00:00:00Z", details: "low", }, ], title: "CVE-2024-51744", }, ], }
opensuse-su-2025:14768-1
Vulnerability from csaf_opensuse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "grafana-11.5.1-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the grafana-11.5.1-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2025-14768", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14768-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2025:14768-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6G3C2BVUXSTIXS4W727LQ5WT3V2NAP27/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2025:14768-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6G3C2BVUXSTIXS4W727LQ5WT3V2NAP27/", }, { category: "self", summary: "SUSE CVE CVE-2024-51744 page", url: "https://www.suse.com/security/cve/CVE-2024-51744/", }, ], title: "grafana-11.5.1-1.1 on GA media", tracking: { current_release_date: "2025-02-12T00:00:00Z", generator: { date: "2025-02-12T00:00:00Z", engine: { name: 
"cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2025:14768-1", initial_release_date: "2025-02-12T00:00:00Z", revision_history: [ { date: "2025-02-12T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "grafana-11.5.1-1.1.aarch64", product: { name: "grafana-11.5.1-1.1.aarch64", product_id: "grafana-11.5.1-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "grafana-11.5.1-1.1.ppc64le", product: { name: "grafana-11.5.1-1.1.ppc64le", product_id: "grafana-11.5.1-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "grafana-11.5.1-1.1.s390x", product: { name: "grafana-11.5.1-1.1.s390x", product_id: "grafana-11.5.1-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "grafana-11.5.1-1.1.x86_64", product: { name: "grafana-11.5.1-1.1.x86_64", product_id: "grafana-11.5.1-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "grafana-11.5.1-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grafana-11.5.1-1.1.aarch64", }, product_reference: "grafana-11.5.1-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grafana-11.5.1-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: 
"openSUSE Tumbleweed:grafana-11.5.1-1.1.ppc64le", }, product_reference: "grafana-11.5.1-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grafana-11.5.1-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grafana-11.5.1-1.1.s390x", }, product_reference: "grafana-11.5.1-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "grafana-11.5.1-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:grafana-11.5.1-1.1.x86_64", }, product_reference: "grafana-11.5.1-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2024-51744", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-51744", }, ], notes: [ { category: "general", text: "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. 
We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:grafana-11.5.1-1.1.aarch64", "openSUSE Tumbleweed:grafana-11.5.1-1.1.ppc64le", "openSUSE Tumbleweed:grafana-11.5.1-1.1.s390x", "openSUSE Tumbleweed:grafana-11.5.1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-51744", url: "https://www.suse.com/security/cve/CVE-2024-51744", }, { category: "external", summary: "SUSE Bug 1232936 for CVE-2024-51744", url: "https://bugzilla.suse.com/1232936", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:grafana-11.5.1-1.1.aarch64", "openSUSE Tumbleweed:grafana-11.5.1-1.1.ppc64le", "openSUSE Tumbleweed:grafana-11.5.1-1.1.s390x", "openSUSE Tumbleweed:grafana-11.5.1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:grafana-11.5.1-1.1.aarch64", "openSUSE Tumbleweed:grafana-11.5.1-1.1.ppc64le", "openSUSE Tumbleweed:grafana-11.5.1-1.1.s390x", "openSUSE Tumbleweed:grafana-11.5.1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-12T00:00:00Z", details: "low", }, ], title: "CVE-2024-51744", }, ], }
ghsa-29wx-vh33-7x7r
Vulnerability from github
Summary
Unclear documentation of the error behavior in `ParseWithClaims` can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired` using `errors.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens.
Fix
We have back-ported the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in "dangerous" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release.
Workaround
We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors ("dangerous" ones first), so that you are not running in the case detailed above.
```Go
token, err := /* jwt.Parse or similar */
if token.Valid {
	fmt.Println("You look nice today")
} else if errors.Is(err, jwt.ErrTokenMalformed) {
	fmt.Println("That's not even a token")
} else if errors.Is(err, jwt.ErrTokenUnverifiable) {
	fmt.Println("We could not verify this token")
} else if errors.Is(err, jwt.ErrTokenSignatureInvalid) {
	fmt.Println("This token has an invalid signature")
} else if errors.Is(err, jwt.ErrTokenExpired) || errors.Is(err, jwt.ErrTokenNotValidYet) {
	// Token is either expired or not active yet
	fmt.Println("Timing is everything")
} else {
	fmt.Println("Couldn't handle this token:", err)
}
```
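The failure mode from the Summary and the check ordering from the Workaround, as an added example that is not the advisory's or golang-jwt's own code. It uses only the standard library: the three sentinel errors are local stand-ins, and `when`, `combinedParse`, `fixedParse`, `expiredOnly` and `dangerousFirst` are hypothetical names that model the described behaviour, not the library's implementation.

```go
package main

import (
	"errors"
	"fmt"
)

// Local stand-ins for the library's sentinels (assumption: golang-jwt is not imported).
var (
	ErrTokenSignatureInvalid = errors.New("signature is invalid")
	ErrTokenExpired          = errors.New("token is expired")
	ErrTokenInvalidAudience  = errors.New("token has invalid audience")
)

// when returns err if failed is true; errors.Join (Go 1.20+) drops the nil results.
func when(failed bool, err error) error {
	if failed {
		return err
	}
	return nil
}

// combinedParse models the pre-fix result: every failed check sits in one error.
func combinedParse(sigOK, expired, audOK bool) error {
	return errors.Join(when(!sigOK, ErrTokenSignatureInvalid), when(expired, ErrTokenExpired), when(!audOK, ErrTokenInvalidAudience))
}

// fixedParse models the back-port: a bad signature is returned alone, at once.
func fixedParse(sigOK, expired, audOK bool) error {
	if !sigOK {
		return ErrTokenSignatureInvalid
	}
	return combinedParse(true, expired, audOK)
}

// expiredOnly is the risky caller: it matches expiry and never looks further.
func expiredOnly(err error) string {
	if err == nil {
		return "accept"
	} else if errors.Is(err, ErrTokenExpired) {
		return "expired"
	}
	return "reject"
}

// dangerousFirst follows the workaround: a signature failure outranks expiry.
func dangerousFirst(err error) string {
	if errors.Is(err, ErrTokenSignatureInvalid) {
		return "reject"
	}
	return expiredOnly(err)
}

func main() { fmt.Println(expiredOnly(combinedParse(false, true, true))) } // constructed input
```

For a constructed token that is both expired and badly signed, `expiredOnly` reports "expired" on the combined error while `dangerousFirst` reports "reject"; with `fixedParse` both callers reject it.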
{ affected: [ { package: { ecosystem: "Go", name: "github.com/golang-jwt/jwt/v4", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "4.5.1", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2024-51744", ], database_specific: { cwe_ids: [ "CWE-347", "CWE-755", ], github_reviewed: true, github_reviewed_at: "2024-11-04T23:22:41Z", nvd_published_at: "2024-11-04T22:15:03Z", severity: "LOW", }, details: "### Summary\n\nUnclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens.\n\n### Fix\n\nWe have back-ported the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release.\n\n### Workaround \n\nWe are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. 
In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.\n\n```Go\ntoken, err := /* jwt.Parse or similar */\nif token.Valid {\n\tfmt.Println(\"You look nice today\")\n} else if errors.Is(err, jwt.ErrTokenMalformed) {\n\tfmt.Println(\"That's not even a token\")\n} else if errors.Is(err, jwt.ErrTokenUnverifiable) {\n\tfmt.Println(\"We could not verify this token\")\n} else if errors.Is(err, jwt.ErrTokenSignatureInvalid) {\n\tfmt.Println(\"This token has an invalid signature\")\n} else if errors.Is(err, jwt.ErrTokenExpired) || errors.Is(err, jwt.ErrTokenNotValidYet) {\n\t// Token is either expired or not active yet\n\tfmt.Println(\"Timing is everything\")\n} else {\n\tfmt.Println(\"Couldn't handle this token:\", err)\n}\n```", id: "GHSA-29wx-vh33-7x7r", modified: "2024-11-12T21:32:34Z", published: "2024-11-04T23:22:41Z", references: [ { type: "WEB", url: "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r", }, { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-51744", }, { type: "WEB", url: "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c", }, { type: "PACKAGE", url: "https://github.com/golang-jwt/jwt", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", type: "CVSS_V3", }, { score: "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", type: "CVSS_V4", }, ], summary: "Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations", }
fkie_cve-2024-51744
Vulnerability from fkie_nvd
{ cveTags: [], descriptions: [ { lang: "en", value: "golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they will ignore the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens. A fix has been back-ported with the error handling logic from the `v5` branch to the `v4` branch. In this logic, the `ParseWithClaims` function will immediately return in \"dangerous\" situations (e.g., an invalid signature), limiting the combined errors only to situations where the signature is valid, but further validation failed (e.g., if the signature is valid, but is expired AND has the wrong audience). This fix is part of the 4.5.1 release. We are aware that this changes the behaviour of an established function and is not 100 % backwards compatible, so updating to 4.5.1 might break your code. In case you cannot update to 4.5.0, please make sure that you are properly checking for all errors (\"dangerous\" ones first), so that you are not running in the case detailed above.", }, { lang: "es", value: "golang-jwt es una implementación de Go de tokens web JSON. La documentación poco clara del comportamiento de los errores en `ParseWithClaims` puede llevar a una situación en la que los usuarios potencialmente no estén verificando los errores como deberían. Especialmente, si un token está vencido y no es válido, los errores devueltos por `ParseWithClaims` devuelven ambos códigos de error. Si los usuarios solo verifican `jwt.ErrTokenExpired` usando `error.Is`, ignorarán el `jwt.ErrTokenSignatureInvalid` incorporado y, por lo tanto, potencialmente aceptarán tokens no válidos. 
Se ha incorporado una solución con la lógica de manejo de errores de la rama `v5` a la rama `v4`. En esta lógica, la función `ParseWithClaims` regresará inmediatamente en situaciones \"peligrosas\" (por ejemplo, una firma no válida), lo que limita los errores combinados solo a situaciones en las que la firma es válida, pero la validación posterior falló (por ejemplo, si la firma es válida, pero está vencida Y tiene la audiencia incorrecta). Esta corrección forma parte de la versión 4.5.1. Somos conscientes de que esto cambia el comportamiento de una función establecida y no es 100 % compatible con versiones anteriores, por lo que actualizar a la versión 4.5.1 podría dañar el código. En caso de que no pueda actualizar a la versión 4.5.0, asegúrese de comprobar correctamente todos los errores (primero los \"peligrosos\"), para que no se encuentre en el caso detallado anteriormente.", }, ], id: "CVE-2024-51744", lastModified: "2024-11-05T16:04:26.053", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2024-11-04T22:15:03.997", references: [ { source: "security-advisories@github.com", url: "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c", }, { source: "security-advisories@github.com", url: "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-755", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }