Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-8376 (GCVE-0-2024-8376)
Vulnerability from cvelistv5 – Published: 2024-10-11 15:18 – Updated: 2024-10-31 09:15
VLAI?
EPSS
Summary
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Mosquitto |
Affected:
2.0.18
Unaffected: 2.0.19 |
Credits
Roman Kraus (Fraunhofer FOKUS)
Steffen Lüdtke (Fraunhofer FOKUS)
Martin Schneider (Fraunhofer FOKUS)
Ramon Barakat (Fraunhofer FOKUS)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T15:25:39.508033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T15:25:54.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "mosquitto",
"product": "Mosquitto",
"repo": "https://github.com/eclipse/mosquitto",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "2.0.18"
},
{
"status": "unaffected",
"version": "2.0.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Roman Kraus (Fraunhofer FOKUS)"
},
{
"lang": "en",
"type": "finder",
"value": "Steffen L\u00fcdtke (Fraunhofer FOKUS)"
},
{
"lang": "en",
"type": "finder",
"value": "Martin Schneider (Fraunhofer FOKUS)"
},
{
"lang": "en",
"type": "finder",
"value": "Ramon Barakat (Fraunhofer FOKUS)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\" and \"PUBLISH\" packets.\u003cbr\u003e"
}
],
"value": "In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\" and \"PUBLISH\" packets."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T09:15:30.149Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/26"
},
{
"tags": [
"patch"
],
"url": "https://github.com/eclipse/mosquitto/releases/tag/v2.0.19"
},
{
"tags": [
"product"
],
"url": "https://mosquitto.org/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/eclipse-mosquitto/mosquitto/commit/1914b3ee2a18102d0a94cbdbbfeae1afa03edd17"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Memory leak",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-8376",
"datePublished": "2024-10-11T15:18:54.142Z",
"dateReserved": "2024-09-02T13:50:51.894Z",
"dateUpdated": "2024-10-31T09:15:30.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.0.19\", \"matchCriteriaId\": \"427A4001-C682-433E-A653-B13B770BF193\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \\\"CONNECT\\\", \\\"DISCONNECT\\\", \\\"SUBSCRIBE\\\", \\\"UNSUBSCRIBE\\\" and \\\"PUBLISH\\\" packets.\"}, {\"lang\": \"es\", \"value\": \"En Eclipse Mosquitto hasta la versi\\u00f3n 2.0.18a, un atacante puede lograr fugas de memoria, fallas de segmentaci\\u00f3n o heap-use-after-free enviando secuencias espec\\u00edficas de paquetes \\\"CONECTAR\\\", \\\"DESCONECTAR\\\", \\\"SUBSCRIBE\\\", \\\"CANCELAR SUSCRIPCI\\u00d3N\\\" y \\\"PUBLICAR\\\".\"}]",
"id": "CVE-2024-8376",
"lastModified": "2024-11-15T17:21:02.327",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"emo@eclipse.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"LOW\", \"vulnerableSystemAvailability\": \"HIGH\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-10-11T16:15:14.860",
"references": "[{\"url\": \"https://github.com/eclipse-mosquitto/mosquitto/commit/1914b3ee2a18102d0a94cbdbbfeae1afa03edd17\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/eclipse/mosquitto/releases/tag/v2.0.19\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Patch\", \"Product\"]}, {\"url\": \"https://gitlab.eclipse.org/security/cve-assignement/-/issues/26\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://mosquitto.org/\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Product\"]}]",
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"emo@eclipse.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-401\"}, {\"lang\": \"en\", \"value\": \"CWE-416\"}, {\"lang\": \"en\", \"value\": \"CWE-755\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-401\"}, {\"lang\": \"en\", \"value\": \"CWE-416\"}, {\"lang\": \"en\", \"value\": \"CWE-755\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-8376\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2024-10-11T16:15:14.860\",\"lastModified\":\"2024-11-15T17:21:02.327\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \\\"CONNECT\\\", \\\"DISCONNECT\\\", \\\"SUBSCRIBE\\\", \\\"UNSUBSCRIBE\\\" and \\\"PUBLISH\\\" packets.\"},{\"lang\":\"es\",\"value\":\"En Eclipse Mosquitto hasta la versi\u00f3n 2.0.18a, un atacante puede lograr fugas de memoria, fallas de segmentaci\u00f3n o heap-use-after-free enviando secuencias espec\u00edficas de paquetes \\\"CONECTAR\\\", \\\"DESCONECTAR\\\", \\\"SUBSCRIBE\\\", \\\"CANCELAR SUSCRIPCI\u00d3N\\\" y \\\"PUBLICAR\\\".\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"},{\"lang\":\"en\",\"value\":\"CWE-416\"},{\"lang\":\"en\",\"value\":\"CWE-755\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"},{\"lang\":\"en\",\"value\":\"CWE-416\"},{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.19\",\"matchCriteriaId\":\"427A4001-C682-433E-A653-B13B770BF193\"}]}]}],\"references\":[{\"url\":\"https://github.com/eclipse-mosquitto/mosquitto/commit/1914b3ee2a18102d0a94cbdbbfeae1afa03edd17\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/eclipse/mosquitto/releases/tag/v2.0.19\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Patch\",\"Product\"]},{\"url\":\"https://gitlab.eclipse.org/security/cve-assignement/-/issues/26\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://mosquitto.org/\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Product\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-8376\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-11T15:25:39.508033Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-11T15:25:47.722Z\"}}], \"cna\": {\"title\": \"Memory leak\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Roman Kraus (Fraunhofer FOKUS)\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Steffen L\\u00fcdtke (Fraunhofer FOKUS)\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Martin Schneider (Fraunhofer FOKUS)\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Ramon Barakat (Fraunhofer FOKUS)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.2, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/eclipse/mosquitto\", \"vendor\": \"Eclipse Foundation\", \"product\": \"Mosquitto\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.18\"}, {\"status\": \"unaffected\", \"version\": \"2.0.19\"}], \"packageName\": \"mosquitto\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://gitlab.eclipse.org/security/cve-assignement/-/issues/26\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/eclipse/mosquitto/releases/tag/v2.0.19\", \"tags\": [\"patch\"]}, {\"url\": \"https://mosquitto.org/\", \"tags\": [\"product\"]}, {\"url\": \"https://github.com/eclipse-mosquitto/mosquitto/commit/1914b3ee2a18102d0a94cbdbbfeae1afa03edd17\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \\\"CONNECT\\\", \\\"DISCONNECT\\\", \\\"SUBSCRIBE\\\", \\\"UNSUBSCRIBE\\\" and \\\"PUBLISH\\\" packets.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \\\"CONNECT\\\", \\\"DISCONNECT\\\", \\\"SUBSCRIBE\\\", \\\"UNSUBSCRIBE\\\" and \\\"PUBLISH\\\" packets.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-401\", \"description\": \"CWE-401 Missing Release of Memory after Effective Lifetime\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-755\", \"description\": \"CWE-755 Improper Handling of Exceptional Conditions\"}]}], \"providerMetadata\": {\"orgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"shortName\": \"eclipse\", \"dateUpdated\": \"2024-10-31T09:15:30.149Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-8376\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-31T09:15:30.149Z\", \"dateReserved\": \"2024-09-02T13:50:51.894Z\", \"assignerOrgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"datePublished\": \"2024-10-11T15:18:54.142Z\", \"assignerShortName\": \"eclipse\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2024-8376
Vulnerability from fkie_nvd - Published: 2024-10-11 16:15 - Updated: 2024-11-15 17:21
Severity ?
Summary
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*",
"matchCriteriaId": "427A4001-C682-433E-A653-B13B770BF193",
"versionEndExcluding": "2.0.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\" and \"PUBLISH\" packets."
},
{
"lang": "es",
"value": "En Eclipse Mosquitto hasta la versi\u00f3n 2.0.18a, un atacante puede lograr fugas de memoria, fallas de segmentaci\u00f3n o heap-use-after-free enviando secuencias espec\u00edficas de paquetes \"CONECTAR\", \"DESCONECTAR\", \"SUBSCRIBE\", \"CANCELAR SUSCRIPCI\u00d3N\" y \"PUBLICAR\"."
}
],
"id": "CVE-2024-8376",
"lastModified": "2024-11-15T17:21:02.327",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "emo@eclipse.org",
"type": "Secondary"
}
]
},
"published": "2024-10-11T16:15:14.860",
"references": [
{
"source": "emo@eclipse.org",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-mosquitto/mosquitto/commit/1914b3ee2a18102d0a94cbdbbfeae1afa03edd17"
},
{
"source": "emo@eclipse.org",
"tags": [
"Patch",
"Product"
],
"url": "https://github.com/eclipse/mosquitto/releases/tag/v2.0.19"
},
{
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking"
],
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/26"
},
{
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216"
},
{
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217"
},
{
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218"
},
{
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227"
},
{
"source": "emo@eclipse.org",
"tags": [
"Product"
],
"url": "https://mosquitto.org/"
}
],
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
},
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "emo@eclipse.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
},
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
WID-SEC-W-2024-3323
Vulnerability from csaf_certbund - Published: 2024-10-31 23:00 - Updated: 2024-11-05 23:00Summary
Red Hat Satellite: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Satellite dient als zentrale Stelle für das Management, die Verteilung von Updates in Netzwerken mit Red Hat Enterprise Linux Systemen.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Red Hat Satellite ausnutzen, um Informationen offenzulegen und weitere, nicht spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Satellite dient als zentrale Stelle f\u00fcr das Management, die Verteilung von Updates in Netzwerken mit Red Hat Enterprise Linux Systemen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Red Hat Satellite ausnutzen, um Informationen offenzulegen und weitere, nicht spezifizierte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3323 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3323.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3323 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3323"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-10-31",
"url": "https://access.redhat.com/errata/RHSA-2024:8717"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-10-31",
"url": "https://access.redhat.com/errata/RHSA-2024:8718"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-10-31",
"url": "https://access.redhat.com/errata/RHSA-2024:8719"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8906 vom 2024-11-05",
"url": "https://access.redhat.com/errata/RHSA-2024:8906"
}
],
"source_lang": "en-US",
"title": "Red Hat Satellite: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-05T23:00:00.000+00:00",
"generator": {
"date": "2024-11-06T11:40:08.877+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-3323",
"initial_release_date": "2024-10-31T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-11-05T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.13.7.3",
"product": {
"name": "Red Hat Satellite \u003c6.13.7.3",
"product_id": "T038720"
}
},
{
"category": "product_version",
"name": "6.13.7.3",
"product": {
"name": "Red Hat Satellite 6.13.7.3",
"product_id": "T038720-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.13.7.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.14.4.3",
"product": {
"name": "Red Hat Satellite \u003c6.14.4.3",
"product_id": "T038721"
}
},
{
"category": "product_version",
"name": "6.14.4.3",
"product": {
"name": "Red Hat Satellite 6.14.4.3",
"product_id": "T038721-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.14.4.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.15.4.2",
"product": {
"name": "Red Hat Satellite \u003c6.15.4.2",
"product_id": "T038722"
}
},
{
"category": "product_version",
"name": "6.15.4.2",
"product": {
"name": "Red Hat Satellite 6.15.4.2",
"product_id": "T038722-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.15.4.2"
}
}
}
],
"category": "product_name",
"name": "Satellite"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-8553",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat Satellite. Diese besteht in den Loader-Makros von Foreman, die es einem authentifizierten Benutzer mit der Berechtigung zum Anzeigen und Erstellen von Vorlagen erm\u00f6glichen, beliebige Felder aus der Foreman-Datenbank zu lesen. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"67646",
"T038721",
"T038720",
"T038722"
]
},
"release_date": "2024-10-31T23:00:00.000+00:00",
"title": "CVE-2024-8553"
},
{
"cve": "CVE-2024-8376",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat Satellite in der Eclipse Mosquitto Komponente. Durch das Senden bestimmter Paketsequenzen k\u00f6nnen verschiedene Angriffsarten, darunter Memory Leakage, Segmentation Faults und Heap-Use-After-Free, ausgel\u00f6st werden. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"67646",
"T038721",
"T038720",
"T038722"
]
},
"release_date": "2024-10-31T23:00:00.000+00:00",
"title": "CVE-2024-8376"
}
]
}
SCA-2025-0006
Vulnerability from csaf_sick - Published: 2025-04-28 13:00 - Updated: 2025-04-28 13:00Summary
Vulnerability affecting picoScan and multiScan
Notes
summary
SICK has identified a Denial of Service vulnerability (CVE-2025-32472) in picoScan and multiScan, which can cause the web page to become unresponsive. Due to their architectural design, these products are not affected by the other vulnerabilities listed in this advisory. Currently SICK is not aware of any public exploits specifically targeting the vulnerability. SICK recommends applying the mitigation for CVE-2025-32472.
General Security Measures
As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "SICK has identified a Denial of Service vulnerability (CVE-2025-32472) in picoScan and multiScan, which can cause the web page to become unresponsive. Due to their architectural design, these products are not affected by the other vulnerabilities listed in this advisory. Currently SICK is not aware of any public exploits specifically targeting the vulnerability. SICK recommends applying the mitigation for CVE-2025-32472.",
"title": "summary"
},
{
"category": "general",
"text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Security Measures"
},
{
"category": "general",
"text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
"title": "Vulnerability Classification"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@sick.de",
"issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
"name": "SICK PSIRT",
"namespace": "https://www.sick.com/psirt"
},
"references": [
{
"summary": "SICK PSIRT Security Advisories",
"url": "https://sick.com/psirt"
},
{
"summary": "SICK Operating Guidelines",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
},
{
"summary": "ICS-CERT recommended practices on Industrial Security",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"summary": "CVSS v3.1 Calculator",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"category": "self",
"summary": "The canonical URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0006.json"
}
],
"title": "Vulnerability affecting picoScan and multiScan",
"tracking": {
"current_release_date": "2025-04-28T13:00:00.000Z",
"generator": {
"date": "2025-04-28T06:38:33.857Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.24"
}
},
"id": "SCA-2025-0006",
"initial_release_date": "2025-04-28T13:00:00.000Z",
"revision_history": [
{
"date": "2025-04-28T13:00:00.000Z",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-30T07:30:49.000Z",
"number": "2",
"summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK picoScan1XX all versions",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"skus": [
"1134607",
"1134608",
"1134609",
"1134610",
"1141395",
"1141396",
"1141397",
"1141751",
"1142269",
"1142270",
"1142272",
"1142273"
]
}
}
}
],
"category": "product_name",
"name": "picoScan1XX"
}
],
"category": "product_family",
"name": "picoScan100"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK multiScan1XX all versions",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"skus": [
"1131164",
"1137723",
"1140110",
"1140133",
"1140134",
"1141496",
"1143873"
]
}
}
}
],
"category": "product_name",
"name": "multiScan1XX"
}
],
"category": "product_family",
"name": "multiScan100"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK picoScan1XX Firmware all versions",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "picoScan1XX Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK multiScan1XX Firmware all versions",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "multiScan1XX Firmware"
}
],
"category": "vendor",
"name": "SICK AG"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "SICK picoScan1XX all Firmware versions",
"product_id": "CSAFPID-0005"
},
"product_reference": "CSAFPID-0003",
"relates_to_product_reference": "CSAFPID-0001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "SICK multiScan1XX all Firmware versions",
"product_id": "CSAFPID-0006"
},
"product_reference": "CSAFPID-0004",
"relates_to_product_reference": "CSAFPID-0002"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-32472",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The multiScan and picoScan are vulnerable to a denial-of-service (DoS) attack. A remote attacker can exploit this vulnerability by conducting a Slowloris-type attack, causing the web page to become unresponsive.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices. Additionally, the web server can be disabled via the CyberSecurity page in the UI.",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Denial-of-Service Vulnerability in multiScan and picoScan via Slowloris Attack"
},
{
"cve": "CVE-2024-38517",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Tencent RapidJSON Vulnerable to Privilege Escalation via Integer Underflow in GenericReader::ParseNumber() Function"
},
{
"cve": "CVE-2024-39684",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber() function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Tencent RapidJSON Vulnerable to Privilege Escalation via Integer Overflow in GenericReader::ParseNumber() Function"
},
{
"cve": "CVE-2022-46908",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "SQLite Vulnerable to Protection Mechanism Bypass via Improper Implementation of \u0027azProhibitedFunctions\u0027"
},
{
"cve": "CVE-2021-36690",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "SQLite Vulnerable to Denial-of-Service (DoS) via Segmentation Fault in \u0027idxGetTableInfo\u0027 Function"
},
{
"cve": "CVE-2022-35737",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "SQLite Vulnerable to Memory Corruption via Stack-Based Buffer Overflow in \u0027sqlite3_str_vappendf()\u0027 Function Used by \u0027printf\u0027 Family API Implementations"
},
{
"cve": "CVE-2021-45346",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "SQLite Vulnerable to Information Disclosure via Maliciously Crafted Queries"
},
{
"cve": "CVE-2023-7104",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "SQLite Vulnerable to Out-of-Bounds Memory Access via Insufficient Input Validation in \u0027sessionReadRecord\u0027 Function of \u0027Sessions\u0027 Extension"
},
{
"cve": "CVE-2022-28805",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Denial-of-Service (DoS) and Information Disclosure via Heap-Based Buffer Over-Read in \u0027luaH_getshortstr\u0027 Function"
},
{
"cve": "CVE-2020-24370",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Denial-of-Service (DoS) via Integer Overflow in \u0027ldebug.c\u0027 File"
},
{
"cve": "CVE-2021-43519",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Denial-of-Service (DoS) via Stack-Based Buffer Overflow in \u0027ldo.c\u0027"
},
{
"cve": "CVE-2020-24369",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Denial-of-Service (DoS) via Stack-Based Buffer Overflow in \u0027ldo.c\u0027"
},
{
"cve": "CVE-2020-24371",
"cwe": {
"id": "CWE-763",
"name": "Release of Invalid Pointer or Reference"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Information Disclosure via Mishandled Interaction Between Barriers and Sweep Phase"
},
{
"cve": "CVE-2022-33099",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Denial-of-Service (DoS) via Stack Overflow in \u0027luaG_runerror\u0027 Function"
},
{
"cve": "CVE-2020-15945",
"cwe": {
"id": "CWE-229",
"name": "Improper Handling of Values"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Denial-of-Service via \u0027changedline\u0027 Function"
},
{
"cve": "CVE-2020-15888",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Denial-of-Service (DoS) via Multiple Heap Related Memory Errors via Garbage Collection \u0027Stack Resizing\u0027"
},
{
"cve": "CVE-2020-24342",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Lua Vulnerable to Denial-of-Service (DoS) via Stack Overflow in \u0027luaD_callnoyield\u0027 Function"
},
{
"cve": "CVE-2024-10525",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Eclipse Mosquitto Vulnerable to Memory Corruption via Heap-Based-Buffer Overflow in Crafted SUBACK Packet in libmosquitto Component"
},
{
"cve": "CVE-2024-8376",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\" and \"PUBLISH\" packets.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Eclipse Mosquitto Vulnerable to Memory Corruption via Specific Sequences in Packet Handling Component"
},
{
"cve": "CVE-2023-28366",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Mosquitto Vulnerable to Denial-of-Service (DoS) via Memory Leak Triggered by Duplicate QoS 2 Messages"
},
{
"cve": "CVE-2023-3592",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Mosquitto Vulnerable to Denial-of-Service (DoS) via Memory Leak in \u0027v5 CONNECT\u0027 Packets"
},
{
"cve": "CVE-2024-3935",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Eclipse Mosquitto Vulnerable to Memory Corruption via Double Free in Crafted PUBLISH Packet in Outgoing Bridge Connection"
},
{
"cve": "CVE-2023-0809",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.",
"title": "Summary"
}
],
"product_status": {
"known_not_affected": [
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Mosquitto Vulnerable to Denial-of-Service (DoS) via Excessive Memory Allocation"
}
]
}
RHSA-2024_8719
Vulnerability from csaf_redhat - Published: 2024-10-31 18:49 - Updated: 2024-12-04 10:59Summary
Red Hat Security Advisory: Satellite 6.15.4.2 Async Update
Notes
Topic
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from the
CVE link(s) in the References section.
Details
Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.
Security Fix(es):
* mosquitto: sending specific sequences of packets may trigger memory leak (CVE-2024-8376)
* foreman: Read-only access to entire DB from templates (CVE-2024-8553)
Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from the\nCVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations\nto configure and maintain their systems without the necessity to provide\npublic Internet access to their servers or other client systems. It\nperforms provisioning and configuration management of predefined standard\noperating environments.\nSecurity Fix(es):\n\n* mosquitto: sending specific sequences of packets may trigger memory leak (CVE-2024-8376)\n* foreman: Read-only access to entire DB from templates (CVE-2024-8553)\n\nUsers of Red Hat Satellite are advised to upgrade to these updated\npackages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8719",
"url": "https://access.redhat.com/errata/RHSA-2024:8719"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.15/html/updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.15/html/updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "2312524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312524"
},
{
"category": "external",
"summary": "2318080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318080"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8719.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.15.4.2 Async Update",
"tracking": {
"current_release_date": "2024-12-04T10:59:57+00:00",
"generator": {
"date": "2024-12-04T10:59:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:8719",
"initial_release_date": "2024-10-31T18:49:44+00:00",
"revision_history": [
{
"date": "2024-10-31T18:49:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-31T18:49:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-04T10:59:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.15::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.15::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.15::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-0:3.9.1.11-1.el8sat.src",
"product": {
"name": "foreman-0:3.9.1.11-1.el8sat.src",
"product_id": "foreman-0:3.9.1.11-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.9.1.11-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "mosquitto-0:2.0.19-1.el8sat.src",
"product": {
"name": "mosquitto-0:2.0.19-1.el8sat.src",
"product_id": "mosquitto-0:2.0.19-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto@2.0.19-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.15.4.2-1.el8sat.src",
"product": {
"name": "satellite-0:6.15.4.2-1.el8sat.src",
"product_id": "satellite-0:6.15.4.2-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.15.4.2-1.el8sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-pcp@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-redis@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-service-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-service-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.15.4.2-1.el8sat.noarch",
"product": {
"name": "satellite-0:6.15.4.2-1.el8sat.noarch",
"product_id": "satellite-0:6.15.4.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.15.4.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"product_id": "satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.15.4.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.15.4.2-1.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.15.4.2-1.el8sat.noarch",
"product_id": "satellite-common-0:6.15.4.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.15.4.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"product_id": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.15.4.2-1.el8sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "mosquitto-0:2.0.19-1.el8sat.x86_64",
"product": {
"name": "mosquitto-0:2.0.19-1.el8sat.x86_64",
"product_id": "mosquitto-0:2.0.19-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto@2.0.19-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"product": {
"name": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"product_id": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto-debugsource@2.0.19-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"product": {
"name": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"product_id": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto-debuginfo@2.0.19-1.el8sat?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.9.1.11-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.src"
},
"product_reference": "foreman-0:3.9.1.11-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-cli-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-ec2-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-journald-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-openstack-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-redis-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-service-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-vmware-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.19-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.src"
},
"product_reference": "mosquitto-0:2.0.19-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.4.2-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.src"
},
"product_reference": "satellite-0:6.15.4.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:satellite-cli-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:satellite-common-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.9.1.11-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.src"
},
"product_reference": "foreman-0:3.9.1.11-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-debug-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-ec2-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-journald-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-openstack-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-pcp-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-redis-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-service-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-vmware-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.4.2-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.src"
},
"product_reference": "satellite-0:6.15.4.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:satellite-capsule-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:satellite-cli-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:satellite-common-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.9.1.11-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.src"
},
"product_reference": "foreman-0:3.9.1.11-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-cli-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-debug-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-ec2-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-journald-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-openstack-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-pcp-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-redis-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-service-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-vmware-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.19-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.src"
},
"product_reference": "mosquitto-0:2.0.19-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.4.2-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.src"
},
"product_reference": "satellite-0:6.15.4.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-capsule-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-cli-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-common-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-8376",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"discovery_date": "2024-10-11T16:02:55.907427+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.4.2-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2318080"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Mosquitto. A remote attacker may be able to trigger memory leakage, segmentation fault, or a heap-use-after-free condition by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\", and \"PUBLISH\" packets.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mosquitto: sending specific sequences of packets may trigger memory leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.4.2-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-8376"
},
{
"category": "external",
"summary": "RHBZ#2318080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318080"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-8376",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8376"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8376",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8376"
},
{
"category": "external",
"summary": "https://github.com/eclipse/mosquitto/releases/tag/v2.0.19",
"url": "https://github.com/eclipse/mosquitto/releases/tag/v2.0.19"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/26",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/26"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227"
},
{
"category": "external",
"summary": "https://mosquitto.org/",
"url": "https://mosquitto.org/"
}
],
"release_date": "2024-10-11T15:18:54.142000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-31T18:49:44+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.15/html/updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8719"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mosquitto: sending specific sequences of packets may trigger memory leak"
},
{
"cve": "CVE-2024-8553",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-09-16T07:20:13.067000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.4.2-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312524"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Foreman\u0027s loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman\u0027s database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "foreman: Read-only access to entire DB from templates",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is classified as moderate rather than important due to the requirement of authenticated access and specific permissions. While it allows exploitation of loader macros to access unintended fields in Foreman\u0027s database, the vulnerability is only accessible to users with permission to view or create templates containing these macros. As a result, the exploit\u0027s potential impact is limited to users who already possess a significant level of access within the system. Furthermore, the issue does not lead to privilege escalation, code execution, or direct system compromise, but rather unauthorized data access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.11-1.el8sat.noarch"
],
"known_not_affected": [
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.4.2-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-8553"
},
{
"category": "external",
"summary": "RHBZ#2312524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312524"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-8553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8553"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8553",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8553"
}
],
"release_date": "2024-10-31T14:29:39.030000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-31T18:49:44+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.15/html/updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.11-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8719"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.4.2-1.el8sat.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.11-1.el8sat.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "foreman: Read-only access to entire DB from templates"
}
]
}
RHSA-2024:8719
Vulnerability from csaf_redhat - Published: 2024-10-31 18:49 - Updated: 2025-11-21 19:15Summary
Red Hat Security Advisory: Satellite 6.15.4.2 Async Update
Notes
Topic
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from the
CVE link(s) in the References section.
Details
Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.
Security Fix(es):
* mosquitto: sending specific sequences of packets may trigger memory leak (CVE-2024-8376)
* foreman: Read-only access to entire DB from templates (CVE-2024-8553)
Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from the\nCVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations\nto configure and maintain their systems without the necessity to provide\npublic Internet access to their servers or other client systems. It\nperforms provisioning and configuration management of predefined standard\noperating environments.\nSecurity Fix(es):\n\n* mosquitto: sending specific sequences of packets may trigger memory leak (CVE-2024-8376)\n* foreman: Read-only access to entire DB from templates (CVE-2024-8553)\n\nUsers of Red Hat Satellite are advised to upgrade to these updated\npackages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8719",
"url": "https://access.redhat.com/errata/RHSA-2024:8719"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.15/html/updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.15/html/updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "2312524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312524"
},
{
"category": "external",
"summary": "2318080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318080"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8719.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.15.4.2 Async Update",
"tracking": {
"current_release_date": "2025-11-21T19:15:22+00:00",
"generator": {
"date": "2025-11-21T19:15:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:8719",
"initial_release_date": "2024-10-31T18:49:44+00:00",
"revision_history": [
{
"date": "2024-10-31T18:49:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-31T18:49:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:15:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.15::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.15::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.15::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-0:3.9.1.11-1.el8sat.src",
"product": {
"name": "foreman-0:3.9.1.11-1.el8sat.src",
"product_id": "foreman-0:3.9.1.11-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.9.1.11-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "mosquitto-0:2.0.19-1.el8sat.src",
"product": {
"name": "mosquitto-0:2.0.19-1.el8sat.src",
"product_id": "mosquitto-0:2.0.19-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto@2.0.19-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.15.4.2-1.el8sat.src",
"product": {
"name": "satellite-0:6.15.4.2-1.el8sat.src",
"product_id": "satellite-0:6.15.4.2-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.15.4.2-1.el8sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-pcp@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-redis@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-service-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-service-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"product": {
"name": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"product_id": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.9.1.11-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.15.4.2-1.el8sat.noarch",
"product": {
"name": "satellite-0:6.15.4.2-1.el8sat.noarch",
"product_id": "satellite-0:6.15.4.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.15.4.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"product_id": "satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.15.4.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.15.4.2-1.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.15.4.2-1.el8sat.noarch",
"product_id": "satellite-common-0:6.15.4.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.15.4.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"product_id": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.15.4.2-1.el8sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "mosquitto-0:2.0.19-1.el8sat.x86_64",
"product": {
"name": "mosquitto-0:2.0.19-1.el8sat.x86_64",
"product_id": "mosquitto-0:2.0.19-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto@2.0.19-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"product": {
"name": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"product_id": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto-debugsource@2.0.19-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"product": {
"name": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"product_id": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto-debuginfo@2.0.19-1.el8sat?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.9.1.11-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.src"
},
"product_reference": "foreman-0:3.9.1.11-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-cli-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-ec2-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-journald-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-openstack-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-redis-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-service-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:foreman-vmware-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.19-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.src"
},
"product_reference": "mosquitto-0:2.0.19-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.4.2-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.src"
},
"product_reference": "satellite-0:6.15.4.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:satellite-cli-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-capsule:satellite-common-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.9.1.11-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.src"
},
"product_reference": "foreman-0:3.9.1.11-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-debug-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-ec2-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-journald-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-openstack-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-pcp-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-redis-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-service-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:foreman-vmware-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.4.2-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.src"
},
"product_reference": "satellite-0:6.15.4.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:satellite-capsule-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:satellite-cli-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15-utils:satellite-common-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.9.1.11-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.src"
},
"product_reference": "foreman-0:3.9.1.11-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-cli-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-debug-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-ec2-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-journald-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-openstack-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-pcp-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-redis-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-service-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:foreman-vmware-0:3.9.1.11-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.19-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.src"
},
"product_reference": "mosquitto-0:2.0.19-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.15.4.2-1.el8sat.src as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.src"
},
"product_reference": "satellite-0:6.15.4.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-capsule-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-cli-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.15.4.2-1.el8sat.noarch as a component of Red Hat Satellite 6.15 for RHEL 8",
"product_id": "8Base-satellite-6.15:satellite-common-0:6.15.4.2-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.15.4.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-8376",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"discovery_date": "2024-10-11T16:02:55.907427+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.4.2-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2318080"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Mosquitto. A remote attacker may be able to trigger memory leakage, segmentation fault, or a heap-use-after-free condition by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\", and \"PUBLISH\" packets.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mosquitto: sending specific sequences of packets may trigger memory leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.4.2-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-8376"
},
{
"category": "external",
"summary": "RHBZ#2318080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318080"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-8376",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8376"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8376",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8376"
},
{
"category": "external",
"summary": "https://github.com/eclipse/mosquitto/releases/tag/v2.0.19",
"url": "https://github.com/eclipse/mosquitto/releases/tag/v2.0.19"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/26",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/26"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227"
},
{
"category": "external",
"summary": "https://mosquitto.org/",
"url": "https://mosquitto.org/"
}
],
"release_date": "2024-10-11T15:18:54.142000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-31T18:49:44+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.15/html/updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8719"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.4.2-1.el8sat.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mosquitto: sending specific sequences of packets may trigger memory leak"
},
{
"cve": "CVE-2024-8553",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-09-16T07:20:13.067000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.4.2-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312524"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Foreman\u0027s loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman\u0027s database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "foreman: Read-only access to entire DB from templates",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is classified as moderate rather than important due to the requirement of authenticated access and specific permissions. While it allows exploitation of loader macros to access unintended fields in Foreman\u0027s database, the vulnerability is only accessible to users with permission to view or create templates containing these macros. As a result, the exploit\u0027s potential impact is limited to users who already possess a significant level of access within the system. Furthermore, the issue does not lead to privilege escalation, code execution, or direct system compromise, but rather unauthorized data access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.11-1.el8sat.noarch"
],
"known_not_affected": [
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.4.2-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-8553"
},
{
"category": "external",
"summary": "RHBZ#2312524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312524"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-8553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8553"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8553",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8553"
}
],
"release_date": "2024-10-31T14:29:39.030000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-31T18:49:44+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.15/html/updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.11-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8719"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.4.2-1.el8sat.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-capsule:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-capsule:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-capsule:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15-utils:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15-utils:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15-utils:satellite-common-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-0:3.9.1.11-1.el8sat.src",
"8Base-satellite-6.15:foreman-cli-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-debug-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-dynflow-sidekiq-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ec2-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-journald-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-libvirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-openstack-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-ovirt-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-pcp-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-postgresql-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-redis-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-service-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-telemetry-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:foreman-vmware-0:3.9.1.11-1.el8sat.noarch",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.15:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-0:6.15.4.2-1.el8sat.src",
"8Base-satellite-6.15:satellite-capsule-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-cli-0:6.15.4.2-1.el8sat.noarch",
"8Base-satellite-6.15:satellite-common-0:6.15.4.2-1.el8sat.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "foreman: Read-only access to entire DB from templates"
}
]
}
RHSA-2024:8718
Vulnerability from csaf_redhat - Published: 2024-10-31 18:49 - Updated: 2025-11-21 19:15Summary
Red Hat Security Advisory: Satellite 6.14.4.3 Async Update
Notes
Topic
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.
Security Fix(es):
* mosquitto: sending specific sequences of packets may trigger memory leak
(CVE-2024-8376)
* foreman: Read-only access to entire DB from templates (CVE-2024-8553)
Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations\nto configure and maintain their systems without the necessity to provide\npublic Internet access to their servers or other client systems. It\nperforms provisioning and configuration management of predefined standard\noperating environments.\nSecurity Fix(es):\n\n* mosquitto: sending specific sequences of packets may trigger memory leak\n(CVE-2024-8376)\n* foreman: Read-only access to entire DB from templates (CVE-2024-8553)\n\nUsers of Red Hat Satellite are advised to upgrade to these updated\npackages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8718",
"url": "https://access.redhat.com/errata/RHSA-2024:8718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "2312524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312524"
},
{
"category": "external",
"summary": "2318080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318080"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8718.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.14.4.3 Async Update",
"tracking": {
"current_release_date": "2025-11-21T19:15:22+00:00",
"generator": {
"date": "2025-11-21T19:15:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:8718",
"initial_release_date": "2024-10-31T18:49:09+00:00",
"revision_history": [
{
"date": "2024-10-31T18:49:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-31T18:49:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:15:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.14::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.14::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.14::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "satellite-0:6.14.4.3-1.el8sat.src",
"product": {
"name": "satellite-0:6.14.4.3-1.el8sat.src",
"product_id": "satellite-0:6.14.4.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.14.4.3-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-lifecycle-0:6.14.0-2.el8sat.src",
"product": {
"name": "satellite-lifecycle-0:6.14.0-2.el8sat.src",
"product_id": "satellite-lifecycle-0:6.14.0-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-lifecycle@6.14.0-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.7.0.14-1.el8sat.src",
"product": {
"name": "foreman-0:3.7.0.14-1.el8sat.src",
"product_id": "foreman-0:3.7.0.14-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.7.0.14-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "mosquitto-0:2.0.19-1.el8sat.src",
"product": {
"name": "mosquitto-0:2.0.19-1.el8sat.src",
"product_id": "mosquitto-0:2.0.19-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto@2.0.19-1.el8sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"product_id": "satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.14.4.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"product_id": "satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.14.4.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.14.4.3-1.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.14.4.3-1.el8sat.noarch",
"product_id": "satellite-common-0:6.14.4.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.14.4.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.14.4.3-1.el8sat.noarch",
"product": {
"name": "satellite-0:6.14.4.3-1.el8sat.noarch",
"product_id": "satellite-0:6.14.4.3-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.14.4.3-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-lifecycle-0:6.14.0-2.el8sat.noarch",
"product": {
"name": "satellite-lifecycle-0:6.14.0-2.el8sat.noarch",
"product_id": "satellite-lifecycle-0:6.14.0-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-lifecycle@6.14.0-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"product": {
"name": "foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"product_id": "foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.7.0.14-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"product": {
"name": "foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"product_id": "foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.7.0.14-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.7.0.14-1.el8sat.noarch",
"product": {
"name": "foreman-0:3.7.0.14-1.el8sat.noarch",
"product_id": "foreman-0:3.7.0.14-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.7.0.14-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.7.0.14-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"product": {
"name": "foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"product_id": "foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.7.0.14-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"product": {
"name": "foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"product_id": "foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.7.0.14-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"product_id": "foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.7.0.14-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"product": {
"name": "foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"product_id": "foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.7.0.14-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"product_id": "foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.7.0.14-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"product_id": "foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.7.0.14-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"product": {
"name": "foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"product_id": "foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-redis@3.7.0.14-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.7.0.14-1.el8sat.noarch",
"product": {
"name": "foreman-service-0:3.7.0.14-1.el8sat.noarch",
"product_id": "foreman-service-0:3.7.0.14-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.7.0.14-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"product_id": "foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.7.0.14-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"product": {
"name": "foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"product_id": "foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.7.0.14-1.el8sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "mosquitto-0:2.0.19-1.el8sat.x86_64",
"product": {
"name": "mosquitto-0:2.0.19-1.el8sat.x86_64",
"product_id": "mosquitto-0:2.0.19-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto@2.0.19-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"product": {
"name": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"product_id": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto-debugsource@2.0.19-1.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"product": {
"name": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"product_id": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mosquitto-debuginfo@2.0.19-1.el8sat?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.14-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-0:3.7.0.14-1.el8sat.src"
},
"product_reference": "foreman-0:3.7.0.14-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.19-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:mosquitto-0:2.0.19-1.el8sat.src"
},
"product_reference": "mosquitto-0:2.0.19-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.4.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-0:6.14.4.3-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.4.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.4.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-0:6.14.4.3-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.4.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.4.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.4.3-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.4.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-cli-0:6.14.4.3-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.4.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-common-0:6.14.4.3-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.4.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.14-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-0:3.7.0.14-1.el8sat.src"
},
"product_reference": "foreman-0:3.7.0.14-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-service-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.4.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-0:6.14.4.3-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.4.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.4.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-0:6.14.4.3-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.4.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.4.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-capsule-0:6.14.4.3-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.4.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-cli-0:6.14.4.3-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.4.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-common-0:6.14.4.3-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.4.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.14-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-0:3.7.0.14-1.el8sat.src"
},
"product_reference": "foreman-0:3.7.0.14-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-cli-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-debug-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-ec2-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-journald-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-openstack-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-redis-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-service-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.7.0.14-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-vmware-0:3.7.0.14-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.19-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:mosquitto-0:2.0.19-1.el8sat.src"
},
"product_reference": "mosquitto-0:2.0.19-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:mosquitto-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64"
},
"product_reference": "mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.4.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-0:6.14.4.3-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.4.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.4.3-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-0:6.14.4.3-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.4.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.4.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-capsule-0:6.14.4.3-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.4.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-cli-0:6.14.4.3-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.4.3-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-common-0:6.14.4.3-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.4.3-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-lifecycle-0:6.14.0-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-lifecycle-0:6.14.0-2.el8sat.noarch"
},
"product_reference": "satellite-lifecycle-0:6.14.0-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-lifecycle-0:6.14.0-2.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-lifecycle-0:6.14.0-2.el8sat.src"
},
"product_reference": "satellite-lifecycle-0:6.14.0-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-8376",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"discovery_date": "2024-10-11T16:02:55.907427+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:6.14.0-2.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:6.14.0-2.el8sat.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2318080"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Mosquitto. A remote attacker may be able to trigger memory leakage, segmentation fault, or a heap-use-after-free condition by sending specific sequences of \"CONNECT\", \"DISCONNECT\", \"SUBSCRIBE\", \"UNSUBSCRIBE\", and \"PUBLISH\" packets.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mosquitto: sending specific sequences of packets may trigger memory leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:6.14.0-2.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:6.14.0-2.el8sat.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-8376"
},
{
"category": "external",
"summary": "RHBZ#2318080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318080"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-8376",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8376"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8376",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8376"
},
{
"category": "external",
"summary": "https://github.com/eclipse/mosquitto/releases/tag/v2.0.19",
"url": "https://github.com/eclipse/mosquitto/releases/tag/v2.0.19"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/26",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/26"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/216"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/217"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/218"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/227"
},
{
"category": "external",
"summary": "https://mosquitto.org/",
"url": "https://mosquitto.org/"
}
],
"release_date": "2024-10-11T15:18:54.142000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-31T18:49:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8718"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:6.14.0-2.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:6.14.0-2.el8sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mosquitto: sending specific sequences of packets may trigger memory leak"
},
{
"cve": "CVE-2024-8553",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-09-16T07:20:13.067000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:6.14.0-2.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:6.14.0-2.el8sat.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312524"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Foreman\u0027s loader macros introduced with report templates. These macros may allow an authenticated user with permissions to view and create templates to read any field from Foreman\u0027s database. By using specific strings in the loader macros, users can bypass permissions and access sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "foreman: Read-only access to entire DB from templates",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is classified as moderate rather than important due to the requirement of authenticated access and specific permissions. While it allows exploitation of loader macros to access unintended fields in Foreman\u0027s database, the vulnerability is only accessible to users with permission to view or create templates containing these macros. As a result, the exploit\u0027s potential impact is limited to users who already possess a significant level of access within the system. Furthermore, the issue does not lead to privilege escalation, code execution, or direct system compromise, but rather unauthorized data access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.14-1.el8sat.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:6.14.0-2.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:6.14.0-2.el8sat.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-8553"
},
{
"category": "external",
"summary": "RHBZ#2312524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312524"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-8553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8553"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8553",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8553"
}
],
"release_date": "2024-10-31T14:29:39.030000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-31T18:49:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/updating_red_hat_satellite/index",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.14-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8718"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:6.14.0-2.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:6.14.0-2.el8sat.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.14-capsule:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14-capsule:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.14-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.14-1.el8sat.noarch",
"8Base-satellite-6.14:mosquitto-0:2.0.19-1.el8sat.src",
"8Base-satellite-6.14:mosquitto-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debuginfo-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:mosquitto-debugsource-0:2.0.19-1.el8sat.x86_64",
"8Base-satellite-6.14:satellite-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.4.3-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.4.3-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:6.14.0-2.el8sat.noarch",
"8Base-satellite-6.14:satellite-lifecycle-0:6.14.0-2.el8sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "foreman: Read-only access to entire DB from templates"
}
]
}
RHSA-2024_8906
Vulnerability from csaf_redhat - Published: 2024-11-05 17:49 - Updated: 2024-12-18 04:38Summary
Red Hat Security Advisory: Satellite 6.16.0 release
Notes
Topic
A new release is now available for Red Hat Satellite 6.16 for RHEL 8 and 9.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
Security Fix(es):
* mosquitto: sending specific sequences of packets may trigger memory leak
(CVE-2024-8376)
* micromatch: vulnerable to Regular Expression Denial of Service (CVE-2024-4067)
urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)
* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)
* python-django: Potential denial-of-service in django.utils.html.urlize() (CVE-2024-38875)
* python-django: Username enumeration through timing difference for users with unusable passwords (CVE-2024-39329)
* python-django: Potential directory-traversal in django.core.files.storage.Storage.save() (CVE-2024-39330)
* python-django: Potential denial-of-service in django.utils.translation.get_supported_language_variant() (CVE-2024-39614)
* github.com/jaraco/zipp: Denial of Service (infinite loop) via crafted zip file in jaraco/zipp (CVE-2024-5569)
* puppet-foreman: An authentication bypass vulnerability exists in Foreman (CVE-2024-7012)
* python-django: Potential SQL injection in QuerySet.values() and values_list() (CVE-2024-42005)
* grpc: client communicating with a HTTP/2 proxy can poison the HPACK table between the proxy and the backend (CVE-2024-7246)
* puppet-pulpcore: An authentication bypass vulnerability exists in pulpcore (CVE-2024-7923)
* foreman: Read-only access to entire DB from templates (CVE-2024-8553)
Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.