csaf_redhat - rhba-2024

rhba-2024_0928

Vulnerability from csaf_redhat

Published

2024-02-20 15:58

Modified

2024-10-14 15:12

Summary

Red Hat Bug Fix Advisory: MTV 2.5.5 Images

Notes

Topic

Updated Release packages that fix several bugs and add various enhancements are now available.

Details

Migration Toolkit for Virtualization 2.5.5 Images

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Release packages that fix several bugs and add various enhancements are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Migration Toolkit for Virtualization 2.5.5 Images",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHBA-2024:0928",
        "url": "https://access.redhat.com/errata/RHBA-2024:0928"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhba-2024_0928.json"
      }
    ],
    "title": "Red Hat Bug Fix Advisory: MTV 2.5.5 Images",
    "tracking": {
      "current_release_date": "2024-10-14T15:12:35+00:00",
      "generator": {
        "date": "2024-10-14T15:12:35+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.0.1"
        }
      },
      "id": "RHBA-2024:0928",
      "initial_release_date": "2024-02-20T15:58:35+00:00",
      "revision_history": [
        {
          "date": "2024-02-20T15:58:35+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-02-20T15:58:35+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-10-14T15:12:35+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-MTV-2.5",
                "product": {
                  "name": "8Base-MTV-2.5",
                  "product_id": "9Base-MTV-2.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "8Base-MTV-2.5",
                "product": {
                  "name": "8Base-MTV-2.5",
                  "product_id": "8Base-MTV-2.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Migration Toolkit for Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-api-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-console-plugin-rhel9\u0026tag=2.5.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-api-rhel8\u0026tag=2.5.5-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-rhel8\u0026tag=2.5.5-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-openstack-populator-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle\u0026tag=2.5.5-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhel8-operator\u0026tag=2.5.5-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-ova-provider-server-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-populator-controller-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhv-populator-rhel8\u0026tag=2.5.5-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel9\u0026tag=2.5.5-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8\u0026tag=2.5.5-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
        "relates_to_product_reference": "8Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64 as a component of 8Base-MTV-2.5",
          "product_id": "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64",
        "relates_to_product_reference": "9Base-MTV-2.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26159",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2024-01-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2256413"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse() function. When a new URL() throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "follow-redirects is a transitive dependency of Grafana, and does not affect Red Hat Enterprise Linux 8.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
        ],
        "known_not_affected": [
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26159"
        },
        {
          "category": "external",
          "summary": "RHBZ#2256413",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256413"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26159",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26159"
        }
      ],
      "release_date": "2024-01-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\n        https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2024:0928"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()"
    },
    {
      "cve": "CVE-2024-21484",
      "cwe": {
        "id": "CWE-203",
        "name": "Observable Discrepancy"
      },
      "discovery_date": "2024-01-22T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
            "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2259531"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jsrsasign, which is vulnerable to an observable discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. This flaw allows an attacker to decrypt ciphertexts. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jsrsasign: vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
        ],
        "known_not_affected": [
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:b47c3890048aacb3871c5881f4c322d0c31327dcd7f2ecc56a756222d5c1b430_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:a3c7f322ad9ea6bab636f23ec9b5251a0d0c60db00435f7f3bc9e5f27bd12b72_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:feaa4bffc2f342ac9bf9b49f134438a696195a5fce68bb87a9758093f4afc0a1_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-rhv-populator-rhel8@sha256:a09314b93d4af7f7b1d9ab382ac45114cedb08ffd9b6877a75a2c6008613c08c_amd64",
          "8Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-warm-rhel8@sha256:524cf3280bd8b6676c29514cac57b9549389c14352e6f415532df038779b2c05_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-api-rhel9@sha256:9e9e2eaee0ffd333a15412cdb7895bcaa939e20c63ba0d6af5e6ab14e14b0457_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-controller-rhel9@sha256:322bef90e555a242f22c79fee8972a7c64a885f660023363066bf9841bcd3f31_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-openstack-populator-rhel9@sha256:39723ec6f8e81abb29c8900ace04b52756b946ed4a5dc1539435ddc1fa4d3ad0_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-operator-bundle@sha256:c03299e6aa376300d385acbb1b4c3cef9ebc7d5f2404203a18197f7b0f05738e_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-ova-provider-server-rhel9@sha256:da5195884a542857fc3b9e05311027eca03a5f3aa17b862c9aee3ff5ae2bbcb6_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-populator-controller-rhel9@sha256:b377ea42b5cb2283254377e9ea6aa9f25830d545f253d49ffd7390e818e33a64_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-validation-rhel9@sha256:dfaafdce49acf64589b22235d9c1b61612be90b524e2902d1f5c804556234f4d_amd64",
          "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-virt-v2v-rhel9@sha256:2585c8921693fba30e29aea73473ae1c9b373ba9ad945b901a99ca1bec54264f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21484"
        },
        {
          "category": "external",
          "summary": "RHBZ#2259531",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259531"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21484",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21484"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21484",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21484"
        },
        {
          "category": "external",
          "summary": "https://github.com/kjur/jsrsasign/issues/598",
          "url": "https://github.com/kjur/jsrsasign/issues/598"
        },
        {
          "category": "external",
          "summary": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0",
          "url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734",
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733",
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732",
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731",
          "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731"
        }
      ],
      "release_date": "2024-01-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\n        https://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2024:0928"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-MTV-2.5:migration-toolkit-virtualization/mtv-console-plugin-rhel9@sha256:2604c818e10633bf09d22f7018ce1d192099a9986704b5a883278d8cc48b4635_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jsrsasign: vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process"
    }
  ]
}

cve-2024-21484

Vulnerability from cvelistv5

Published

2024-01-22 05:00

Modified

2024-08-01 22:20

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P

Summary

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround The vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.

References

▼	URL	Tags
	https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731
	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733
	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734
	https://github.com/kjur/jsrsasign/issues/598
	https://github.com/kjur/jsrsasign/releases/tag/11.0.0
	https://people.redhat.com/~hkario/marvin/

Impacted products

▼	Vendor	Product
	n/a	jsrsasign
	n/a	org.webjars.npm:jsrsasign
	n/a	org.webjars.bowergithub.kjur:jsrsasign
	n/a	org.webjars.bower:jsrsasign

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:20:40.779Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/kjur/jsrsasign/issues/598"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://people.redhat.com/~hkario/marvin/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jsrsasign",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "11.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "org.webjars.npm:jsrsasign",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "org.webjars.bowergithub.kjur:jsrsasign",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "org.webjars.bower:jsrsasign",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Hubert Kario"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.\r\r Workaround \r\rThe vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L/E:P",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "Observable Discrepancy",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-06T14:09:29.400Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734"
        },
        {
          "url": "https://github.com/kjur/jsrsasign/issues/598"
        },
        {
          "url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0"
        },
        {
          "url": "https://people.redhat.com/~hkario/marvin/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2024-21484",
    "datePublished": "2024-01-22T05:00:02.087Z",
    "dateReserved": "2023-12-22T12:33:20.117Z",
    "dateUpdated": "2024-08-01T22:20:40.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-26159

Vulnerability from cvelistv5

Published

2024-01-02 05:00

Modified

2024-08-02 11:39

Severity ?

7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P

Summary

Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.

References

▼	URL	Tags
	https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137
	https://github.com/follow-redirects/follow-redirects/issues/235
	https://github.com/follow-redirects/follow-redirects/pull/236
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM/

Impacted products

▼	Vendor	Product
	n/a	follow-redirects

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:39:06.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/follow-redirects/follow-redirects/issues/235"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/follow-redirects/follow-redirects/pull/236"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "follow-redirects",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "1.15.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Kim Donggyu"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-02T05:00:00.659Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137"
        },
        {
          "url": "https://github.com/follow-redirects/follow-redirects/issues/235"
        },
        {
          "url": "https://github.com/follow-redirects/follow-redirects/pull/236"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZ425BFKNBQ6AK7I5SAM56TWON5OF2XM/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2023-26159",
    "datePublished": "2024-01-02T05:00:00.659Z",
    "dateReserved": "2023-02-20T10:28:48.931Z",
    "dateUpdated": "2024-08-02T11:39:06.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhba-2024_0928

Vulnerability from csaf_redhat

cve-2024-21484

Vulnerability from cvelistv5

cve-2023-26159

Vulnerability from cvelistv5

Tags