rhsa-2022_4985
Vulnerability from csaf_redhat
Published
2022-06-09 18:55
Modified
2024-11-15 14:52
Summary
Red Hat Security Advisory: Cryostat 2.1.1: new Cryostat on RHEL 8 container images

Notes

Topic
New Cryostat 2.1.1 on RHEL 8 container images are now available
Details
New Cryostat 2.1.1 on RHEL 8 container images have been released, containing bug fixes and addressing the following security vulnerabilities: CVE-2022-25647, CVE-2022-28948 (see References).

Users of Cryostat 2 on RHEL 8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues and fix these bugs. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "New Cryostat 2.1.1 on RHEL 8 container images are now available",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "New Cryostat 2.1.1 on RHEL 8 container images have been released, containing bug fixes and addressing the following security vulnerabilities: CVE-2022-25647, CVE-2022-28948 (see References)\n\nUsers of Cryostat 2 on RHEL 8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues and fix these bugs. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:4985",
        "url": "https://access.redhat.com/errata/RHSA-2022:4985"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2080850",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
      },
      {
        "category": "external",
        "summary": "2088748",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088748"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4985.json"
      }
    ],
    "title": "Red Hat Security Advisory: Cryostat 2.1.1: new Cryostat on RHEL 8 container images",
    "tracking": {
      "current_release_date": "2024-11-15T14:52:17+00:00",
      "generator": {
        "date": "2024-11-15T14:52:17+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2022:4985",
      "initial_release_date": "2022-06-09T18:55:22+00:00",
      "revision_history": [
        {
          "date": "2022-06-09T18:55:22+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-06-09T18:55:22+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-15T14:52:17+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Cryostat 2 on RHEL 8",
                "product": {
                  "name": "Cryostat 2 on RHEL 8",
                  "product_id": "8Base-Cryostat-2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:cryostat:2::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Cryostat"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:6634699c642304eccb56c23d5e69cb85c064d1bf05b42e36d35ba9e91ff87b82_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:6634699c642304eccb56c23d5e69cb85c064d1bf05b42e36d35ba9e91ff87b82_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:6634699c642304eccb56c23d5e69cb85c064d1bf05b42e36d35ba9e91ff87b82_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-reports-rhel8@sha256:6634699c642304eccb56c23d5e69cb85c064d1bf05b42e36d35ba9e91ff87b82?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=1.0.0-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-rhel8@sha256:1e5dc2468c07b0ea10efa4568be3031f78c79fd3fef44dfe3f739299b2baf6e5_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-rhel8@sha256:1e5dc2468c07b0ea10efa4568be3031f78c79fd3fef44dfe3f739299b2baf6e5_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:1e5dc2468c07b0ea10efa4568be3031f78c79fd3fef44dfe3f739299b2baf6e5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel8@sha256:1e5dc2468c07b0ea10efa4568be3031f78c79fd3fef44dfe3f739299b2baf6e5?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=2.1.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:701458696ba8788f5c2516e7dd892b4bee992d3d9af6888aa6f4d6a203c8a8b8_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:701458696ba8788f5c2516e7dd892b4bee992d3d9af6888aa6f4d6a203c8a8b8_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:701458696ba8788f5c2516e7dd892b4bee992d3d9af6888aa6f4d6a203c8a8b8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-operator-bundle@sha256:701458696ba8788f5c2516e7dd892b4bee992d3d9af6888aa6f4d6a203c8a8b8?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=2.1.1-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:9e076c0cde640b4cd9a40039325fb103ac417579164aca3b93af2de5ee5a84e9_amd64",
                "product": {
                  "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:9e076c0cde640b4cd9a40039325fb103ac417579164aca3b93af2de5ee5a84e9_amd64",
                  "product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:9e076c0cde640b4cd9a40039325fb103ac417579164aca3b93af2de5ee5a84e9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel8-operator@sha256:9e076c0cde640b4cd9a40039325fb103ac417579164aca3b93af2de5ee5a84e9?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=2.1.1-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:dbeb06612d63011778a7a5545b74c347368515133ee557eb25ed84857469138c_amd64",
                "product": {
                  "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:dbeb06612d63011778a7a5545b74c347368515133ee557eb25ed84857469138c_amd64",
                  "product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:dbeb06612d63011778a7a5545b74c347368515133ee557eb25ed84857469138c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jfr-datasource-rhel8@sha256:dbeb06612d63011778a7a5545b74c347368515133ee557eb25ed84857469138c?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=2.1.0-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:701458696ba8788f5c2516e7dd892b4bee992d3d9af6888aa6f4d6a203c8a8b8_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:701458696ba8788f5c2516e7dd892b4bee992d3d9af6888aa6f4d6a203c8a8b8_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:701458696ba8788f5c2516e7dd892b4bee992d3d9af6888aa6f4d6a203c8a8b8_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:6634699c642304eccb56c23d5e69cb85c064d1bf05b42e36d35ba9e91ff87b82_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:6634699c642304eccb56c23d5e69cb85c064d1bf05b42e36d35ba9e91ff87b82_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:6634699c642304eccb56c23d5e69cb85c064d1bf05b42e36d35ba9e91ff87b82_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:9e076c0cde640b4cd9a40039325fb103ac417579164aca3b93af2de5ee5a84e9_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:9e076c0cde640b4cd9a40039325fb103ac417579164aca3b93af2de5ee5a84e9_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:9e076c0cde640b4cd9a40039325fb103ac417579164aca3b93af2de5ee5a84e9_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/cryostat-rhel8@sha256:1e5dc2468c07b0ea10efa4568be3031f78c79fd3fef44dfe3f739299b2baf6e5_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:1e5dc2468c07b0ea10efa4568be3031f78c79fd3fef44dfe3f739299b2baf6e5_amd64"
        },
        "product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:1e5dc2468c07b0ea10efa4568be3031f78c79fd3fef44dfe3f739299b2baf6e5_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:dbeb06612d63011778a7a5545b74c347368515133ee557eb25ed84857469138c_amd64 as a component of Cryostat 2 on RHEL 8",
          "product_id": "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:dbeb06612d63011778a7a5545b74c347368515133ee557eb25ed84857469138c_amd64"
        },
        "product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:dbeb06612d63011778a7a5545b74c347368515133ee557eb25ed84857469138c_amd64",
        "relates_to_product_reference": "8Base-Cryostat-2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-25647",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-05-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2080850"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:701458696ba8788f5c2516e7dd892b4bee992d3d9af6888aa6f4d6a203c8a8b8_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:6634699c642304eccb56c23d5e69cb85c064d1bf05b42e36d35ba9e91ff87b82_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:9e076c0cde640b4cd9a40039325fb103ac417579164aca3b93af2de5ee5a84e9_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:1e5dc2468c07b0ea10efa4568be3031f78c79fd3fef44dfe3f739299b2baf6e5_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:dbeb06612d63011778a7a5545b74c347368515133ee557eb25ed84857469138c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25647"
        },
        {
          "category": "external",
          "summary": "RHBZ#2080850",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080850"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25647",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25647"
        }
      ],
      "release_date": "2022-05-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-06-09T18:55:22+00:00",
          "details": "The Cryostat 2 on RHEL 8 container images provided by this update can be downloaded from the Red Hat Container Registry at registry.redhat.io. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:701458696ba8788f5c2516e7dd892b4bee992d3d9af6888aa6f4d6a203c8a8b8_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:6634699c642304eccb56c23d5e69cb85c064d1bf05b42e36d35ba9e91ff87b82_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:9e076c0cde640b4cd9a40039325fb103ac417579164aca3b93af2de5ee5a84e9_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:1e5dc2468c07b0ea10efa4568be3031f78c79fd3fef44dfe3f739299b2baf6e5_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:dbeb06612d63011778a7a5545b74c347368515133ee557eb25ed84857469138c_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:4985"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:701458696ba8788f5c2516e7dd892b4bee992d3d9af6888aa6f4d6a203c8a8b8_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:6634699c642304eccb56c23d5e69cb85c064d1bf05b42e36d35ba9e91ff87b82_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:9e076c0cde640b4cd9a40039325fb103ac417579164aca3b93af2de5ee5a84e9_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:1e5dc2468c07b0ea10efa4568be3031f78c79fd3fef44dfe3f739299b2baf6e5_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:dbeb06612d63011778a7a5545b74c347368515133ee557eb25ed84857469138c_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson"
    },
    {
      "cve": "CVE-2022-28948",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-05-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2088748"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Unmarshal function in Go-Yaml. This vulnerability results in program crashes when attempting to convert (or deserialize) invalid input data, potentially impacting system stability and reliability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang-gopkg-yaml: crash when attempting to deserialize invalid input",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat has designated the CVE rating as \u0027moderate\u0027 as exploitation of Red Hat products is contingent upon the attacker being authenticated when sending the malicious XML payload.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:701458696ba8788f5c2516e7dd892b4bee992d3d9af6888aa6f4d6a203c8a8b8_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:6634699c642304eccb56c23d5e69cb85c064d1bf05b42e36d35ba9e91ff87b82_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:9e076c0cde640b4cd9a40039325fb103ac417579164aca3b93af2de5ee5a84e9_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:1e5dc2468c07b0ea10efa4568be3031f78c79fd3fef44dfe3f739299b2baf6e5_amd64",
          "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:dbeb06612d63011778a7a5545b74c347368515133ee557eb25ed84857469138c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-28948"
        },
        {
          "category": "external",
          "summary": "RHBZ#2088748",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088748"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28948",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28948",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28948"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-hp87-p4gw-j4gq",
          "url": "https://github.com/advisories/GHSA-hp87-p4gw-j4gq"
        }
      ],
      "release_date": "2022-05-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-06-09T18:55:22+00:00",
          "details": "The Cryostat 2 on RHEL 8 container images provided by this update can be downloaded from the Red Hat Container Registry at registry.redhat.io. Installation instructions for your platform are available at Red Hat Container Catalog (see References).\n\nDockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.",
          "product_ids": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:701458696ba8788f5c2516e7dd892b4bee992d3d9af6888aa6f4d6a203c8a8b8_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:6634699c642304eccb56c23d5e69cb85c064d1bf05b42e36d35ba9e91ff87b82_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:9e076c0cde640b4cd9a40039325fb103ac417579164aca3b93af2de5ee5a84e9_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:1e5dc2468c07b0ea10efa4568be3031f78c79fd3fef44dfe3f739299b2baf6e5_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:dbeb06612d63011778a7a5545b74c347368515133ee557eb25ed84857469138c_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:4985"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:701458696ba8788f5c2516e7dd892b4bee992d3d9af6888aa6f4d6a203c8a8b8_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:6634699c642304eccb56c23d5e69cb85c064d1bf05b42e36d35ba9e91ff87b82_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:9e076c0cde640b4cd9a40039325fb103ac417579164aca3b93af2de5ee5a84e9_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:1e5dc2468c07b0ea10efa4568be3031f78c79fd3fef44dfe3f739299b2baf6e5_amd64",
            "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:dbeb06612d63011778a7a5545b74c347368515133ee557eb25ed84857469138c_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang-gopkg-yaml: crash when attempting to deserialize invalid input"
    }
  ]
}



Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.