RHBA-2023:7648
Vulnerability from csaf_redhat - Published: 2023-12-05 06:56 - Updated: 2026-04-04 16:37Summary
Red Hat Bug Fix Advisory: MTV 2.5.3 Images
Severity
Moderate
Notes
Topic: Updated Release packages that fix several bugs and add various enhancements are now available.
Details: Migration Toolkit for Virtualization 2.5.3 Images
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This issue may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped.
6.1 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHBA-2023:7648
A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.
6.1 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHBA-2023:7648
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHBA-2023:7648
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHBA-2023:7648
A memory leak was found in the otelhttp handler of open-telemetry. This flaw allows a remote, unauthenticated attacker to exhaust the server's memory by sending many malicious requests, affecting the availability.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHBA-2023:7648
Workaround
As a workaround to stop being affected otelhttp.WithFilter() can be used.
For convenience and safe usage of this library, it should by default mark with the label unknown non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.
The other possibility is to disable HTTP metrics instrumentation by passing otelhttp.WithMeterProvider option with noop.NewMeterProvider.
References
Acknowledgments
GMO Cybersecurity by Ierae, Inc.
Takeshi Kaneko
Martin Seemann
Marten Seemann
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Release packages that fix several bugs and add various enhancements are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Migration Toolkit for Virtualization 2.5.3 Images",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2023:7648",
"url": "https://access.redhat.com/errata/RHBA-2023:7648"
},
{
"category": "external",
"summary": "MTV-698",
"url": "https://issues.redhat.com/browse/MTV-698"
},
{
"category": "external",
"summary": "MTV-699",
"url": "https://issues.redhat.com/browse/MTV-699"
},
{
"category": "external",
"summary": "MTV-714",
"url": "https://issues.redhat.com/browse/MTV-714"
},
{
"category": "external",
"summary": "MTV-783",
"url": "https://issues.redhat.com/browse/MTV-783"
},
{
"category": "external",
"summary": "MTV-803",
"url": "https://issues.redhat.com/browse/MTV-803"
},
{
"category": "external",
"summary": "MTV-811",
"url": "https://issues.redhat.com/browse/MTV-811"
},
{
"category": "external",
"summary": "MTV-812",
"url": "https://issues.redhat.com/browse/MTV-812"
},
{
"category": "external",
"summary": "MTV-818",
"url": "https://issues.redhat.com/browse/MTV-818"
},
{
"category": "external",
"summary": "MTV-830",
"url": "https://issues.redhat.com/browse/MTV-830"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_7648.json"
}
],
"title": "Red Hat Bug Fix Advisory: MTV 2.5.3 Images",
"tracking": {
"current_release_date": "2026-04-04T16:37:23+00:00",
"generator": {
"date": "2026-04-04T16:37:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHBA-2023:7648",
"initial_release_date": "2023-12-05T06:56:16+00:00",
"revision_history": [
{
"date": "2023-12-05T06:56:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-12-05T06:56:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-04T16:37:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-MTV-2.5",
"product": {
"name": "8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el9"
}
}
},
{
"category": "product_name",
"name": "8Base-MTV-2.5",
"product": {
"name": "8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el8"
}
}
}
],
"category": "product_family",
"name": "Migration Toolkit for Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"product_id": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9\u0026tag=2.5.3-11"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"product_id": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9\u0026tag=2.5.3-4"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"product_id": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9\u0026tag=2.5.3-11"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"product_id": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-api-rhel8\u0026tag=2.5.3-7"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"product_id": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-rhel8\u0026tag=2.5.3-9"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"product_id": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9\u0026tag=2.5.3-11"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"product_id": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle\u0026tag=2.5.3-30"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"product_id": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhel8-operator\u0026tag=2.5.3-11"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"product_id": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9\u0026tag=2.5.3-11"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"product_id": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9\u0026tag=2.5.3-11"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"product_id": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhv-populator-rhel8\u0026tag=2.5.3-11"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"product_id": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9\u0026tag=2.5.3-12"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64",
"product_id": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9\u0026tag=2.5.3-10"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"product_id": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8\u0026tag=2.5.3-11"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39318",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237776"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of HTML-like comments within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39318"
},
{
"category": "external",
"summary": "RHBZ#2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318"
},
{
"category": "external",
"summary": "https://go.dev/cl/526156",
"url": "https://go.dev/cl/526156"
},
{
"category": "external",
"summary": "https://go.dev/issue/62196",
"url": "https://go.dev/issue/62196"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2041.json",
"url": "https://vuln.go.dev/ID/GO-2023-2041.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-05T06:56:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:7648"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of HTML-like comments within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39319",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237773"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of special tags within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39319"
},
{
"category": "external",
"summary": "RHBZ#2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319"
},
{
"category": "external",
"summary": "https://go.dev/cl/526157",
"url": "https://go.dev/cl/526157"
},
{
"category": "external",
"summary": "https://go.dev/issue/62197",
"url": "https://go.dev/issue/62197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2043.json",
"url": "https://vuln.go.dev/ID/GO-2023-2043.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-05T06:56:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:7648"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of special tags within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Martin Seemann"
]
}
],
"cve": "CVE-2023-39321",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw has been marked as moderate instead of high like NVD \nQUICConn.HandleData buffers data and passes it to handlePostHandshakeMessage every time the buffer contains a complete message, while HandleData doesn\u0027t limit the amount of data it can buffer, a panic or denial of service would likely be lower severity,also in order to exploit this vulnerability, an attacker would have to smuggle partial handshake data which might be rejected altogether as per tls RFC specification.Therfore because of a lower severity denial of service and conditions that are beyond the scope of attackers control,we have marked this as moderate severity",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39321"
},
{
"category": "external",
"summary": "RHBZ#2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2044.json",
"url": "https://vuln.go.dev/ID/GO-2023-2044.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-05T06:56:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:7648"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections"
},
{
"acknowledgments": [
{
"names": [
"Marten Seemann"
]
}
],
"cve": "CVE-2023-39322",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: lack of a limit on buffered post-handshake",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A vulnerability was found in the Go QUIC protocol implementation in the logic that processes post-handshake messages. It is an uncontrolled resource consumption flaw, triggered when a malicious connection sends data without an enforced upper bound. This leads to unbounded memory growth, causing the service to crash and resulting in a denial of service.The single-dimensional impact of denial of service and the added complexity of whether the resource exhaustion would happen, being out of an attacker\u0027s control,this has been rated as moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39322"
},
{
"category": "external",
"summary": "RHBZ#2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2045.json",
"url": "https://vuln.go.dev/ID/GO-2023-2045.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-05T06:56:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:7648"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: lack of a limit on buffered post-handshake"
},
{
"cve": "CVE-2023-45142",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-10-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2245180"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak was found in the otelhttp handler of open-telemetry. This flaw allows a remote, unauthenticated attacker to exhaust the server\u0027s memory by sending many malicious requests, affecting the availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "opentelemetry: DoS vulnerability in otelhttp",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While no authentication is required, there are a significant number of non-default factors which prevent widespread exploitation of this flaw. For a service to be affected, all of the following must be true:\n* The go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp package must be in use\n* Configured a metrics pipeline which uses the otelhttp.NewHandler wrapper function\n* No filtering of unknown HTTP methods or user agents at a higher level (such as Content Delivery Network/Load Balancer/etc...)\n\nDue to the limited attack surface, Red Hat Product Security rates the impact as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45142"
},
{
"category": "external",
"summary": "RHBZ#2245180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45142",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45142"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45142",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45142"
},
{
"category": "external",
"summary": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr",
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr"
}
],
"release_date": "2023-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-05T06:56:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:7648"
},
{
"category": "workaround",
"details": "As a workaround to stop being affected otelhttp.WithFilter() can be used.\n\nFor convenience and safe usage of this library, it should by default mark with the label unknown non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.\n\nThe other possibility is to disable HTTP metrics instrumentation by passing otelhttp.WithMeterProvider option with noop.NewMeterProvider.",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "opentelemetry: DoS vulnerability in otelhttp"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…