rhba-2023_7648
Vulnerability from csaf_redhat
Published
2023-12-05 06:56
Modified
2024-09-03 22:35
Summary
Red Hat Bug Fix Advisory: MTV 2.5.3 Images
Notes
Topic
Updated Release packages that fix several bugs and add various enhancements are now available.
Details
Migration Toolkit for Virtualization 2.5.3 Images
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Release packages that fix several bugs and add various enhancements are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Migration Toolkit for Virtualization 2.5.3 Images",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2023:7648",
"url": "https://access.redhat.com/errata/RHBA-2023:7648"
},
{
"category": "external",
"summary": "MTV-698",
"url": "https://issues.redhat.com/browse/MTV-698"
},
{
"category": "external",
"summary": "MTV-699",
"url": "https://issues.redhat.com/browse/MTV-699"
},
{
"category": "external",
"summary": "MTV-714",
"url": "https://issues.redhat.com/browse/MTV-714"
},
{
"category": "external",
"summary": "MTV-783",
"url": "https://issues.redhat.com/browse/MTV-783"
},
{
"category": "external",
"summary": "MTV-803",
"url": "https://issues.redhat.com/browse/MTV-803"
},
{
"category": "external",
"summary": "MTV-811",
"url": "https://issues.redhat.com/browse/MTV-811"
},
{
"category": "external",
"summary": "MTV-812",
"url": "https://issues.redhat.com/browse/MTV-812"
},
{
"category": "external",
"summary": "MTV-818",
"url": "https://issues.redhat.com/browse/MTV-818"
},
{
"category": "external",
"summary": "MTV-830",
"url": "https://issues.redhat.com/browse/MTV-830"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhba-2023_7648.json"
}
],
"title": "Red Hat Bug Fix Advisory: MTV 2.5.3 Images",
"tracking": {
"current_release_date": "2024-09-03T22:35:53+00:00",
"generator": {
"date": "2024-09-03T22:35:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.1"
}
},
"id": "RHBA-2023:7648",
"initial_release_date": "2023-12-05T06:56:16+00:00",
"revision_history": [
{
"date": "2023-12-05T06:56:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-12-05T06:56:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-03T22:35:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-MTV-2.5",
"product": {
"name": "8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el9"
}
}
},
{
"category": "product_name",
"name": "8Base-MTV-2.5",
"product": {
"name": "8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el8"
}
}
}
],
"category": "product_family",
"name": "Migration Toolkit for Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"product_id": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9\u0026tag=2.5.3-11"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"product_id": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9\u0026tag=2.5.3-4"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"product_id": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9\u0026tag=2.5.3-11"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"product_id": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-api-rhel8\u0026tag=2.5.3-7"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"product_id": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-rhel8\u0026tag=2.5.3-9"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"product_id": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9\u0026tag=2.5.3-11"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"product_id": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle\u0026tag=2.5.3-30"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"product_id": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhel8-operator\u0026tag=2.5.3-11"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"product_id": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9\u0026tag=2.5.3-11"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"product_id": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9\u0026tag=2.5.3-11"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"product_id": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhv-populator-rhel8\u0026tag=2.5.3-11"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"product_id": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9\u0026tag=2.5.3-12"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64",
"product_id": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9\u0026tag=2.5.3-10"
}
}
},
{
"category": "product_version",
"name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"product": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"product_id": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8\u0026tag=2.5.3-11"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64 as a component of 8Base-MTV-2.5",
"product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"relates_to_product_reference": "8Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64 as a component of 8Base-MTV-2.5",
"product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
},
"product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64",
"relates_to_product_reference": "9Base-MTV-2.5"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39318",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237776"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of HTML-like comments within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39318"
},
{
"category": "external",
"summary": "RHBZ#2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318"
},
{
"category": "external",
"summary": "https://go.dev/cl/526156",
"url": "https://go.dev/cl/526156"
},
{
"category": "external",
"summary": "https://go.dev/issue/62196",
"url": "https://go.dev/issue/62196"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2041.json",
"url": "https://vuln.go.dev/ID/GO-2023-2041.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:7648"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of HTML-like comments within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39319",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237773"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of special tags within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39319"
},
{
"category": "external",
"summary": "RHBZ#2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319"
},
{
"category": "external",
"summary": "https://go.dev/cl/526157",
"url": "https://go.dev/cl/526157"
},
{
"category": "external",
"summary": "https://go.dev/issue/62197",
"url": "https://go.dev/issue/62197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2043.json",
"url": "https://vuln.go.dev/ID/GO-2023-2043.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:7648"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of special tags within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Martin Seemann"
]
}
],
"cve": "CVE-2023-39321",
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39321"
},
{
"category": "external",
"summary": "RHBZ#2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2044.json",
"url": "https://vuln.go.dev/ID/GO-2023-2044.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:7648"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections"
},
{
"acknowledgments": [
{
"names": [
"Marten Seemann"
]
}
],
"cve": "CVE-2023-39322",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: lack of a limit on buffered post-handshake",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39322"
},
{
"category": "external",
"summary": "RHBZ#2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2045.json",
"url": "https://vuln.go.dev/ID/GO-2023-2045.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:7648"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: lack of a limit on buffered post-handshake"
},
{
"cve": "CVE-2023-45142",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-10-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2245180"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak was found in the otelhttp handler of open-telemetry. This flaw allows a remote, unauthenticated attacker to exhaust the server\u0027s memory by sending many malicious requests, affecting the availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "opentelemetry: DoS vulnerability in otelhttp",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While no authentication is required, there are a significant number of non-default factors which prevent widespread exploitation of this flaw. For a service to be affected, all of the following must be true:\n* The go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp package must be in use\n* Configured a metrics pipeline which uses the otelhttp.NewHandler wrapper function\n* No filtering of unknown HTTP methods or user agents at a higher level (such as Content Delivery Network/Load Balancer/etc...)\n\nDue to the limited attack surface, Red Hat Product Security rates the impact as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64"
],
"known_not_affected": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45142"
},
{
"category": "external",
"summary": "RHBZ#2245180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45142",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45142"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45142",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45142"
},
{
"category": "external",
"summary": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr",
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr"
}
],
"release_date": "2023-10-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2023:7648"
},
{
"category": "workaround",
"details": "As a workaround to stop being affected otelhttp.WithFilter() can be used.\n\nFor convenience and safe usage of this library, it should by default mark with the label unknown non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.\n\nThe other possibility is to disable HTTP metrics instrumentation by passing otelhttp.WithMeterProvider option with noop.NewMeterProvider.",
"product_ids": [
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:8754f24846c622dab9bd423895512a8380f5bdb11569632a5ef8330f2beca1d7_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:fceee04ea01c3b516623ef6f15591e6807b9f00fe0c172d54b5d2787f51ac3b6_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:97e9e4096fe23ef06a79cc24db15f2d185922a76c00bf96fd4b49d541186c8fe_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:8fedc9fe464f5cacd62bb045b248e43d3bd89cbcefd168a3a1fae01e4728bd02_amd64",
"8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:cce69df41be6386f1abf91f6466a4d8deaab4ec893354bd9e8be90fc35ef46b1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:886beb6c16e2c325aad2c0aa7ab33d261af0c59daf901f1325a4f855a93e94e3_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:0df281d03f068951d4f82683bd1c3348ac905dd7d7097adb82ebd32da09e3159_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:da28fd4f76380dfa9072911ae004f9009199d45ea1f2bb7c6b1e86f874e1ace1_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:d0b218a09f5435fee89a2b0a9f4ff9a56891b123e565611094ebc81927576f92_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:f6b4db29214b9e92404569b732eb4df67c3f5cab85f9f56219aee2e330a034ac_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:20ba9c9859980fecdcf6aab2c9b90808fe2170e2e6408eab680721341816b316_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:d478f7b0cafe869f013da6ddc58055e8a54fa6f7e0778cd05176f08ca4cc4e5f_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64",
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:455e95d6dacbe580cc3b9273c4c740d3f8b708b05c8c2dbdd1f67280b64d4ad6_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:e0a5ff55776d70f48cd20ee87c8ca38039a1f1325d726041e958cf47f97711fe_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "opentelemetry: DoS vulnerability in otelhttp"
}
]
}
Loading...