rhsa-2023_3624
Vulnerability from csaf_redhat
Published: 2023-06-15 09:48
Modified: 2024-12-17 22:21
Summary: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.10 security and bug fix update
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.7.10 is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)
* golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)
* golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)
* golang: go/parser: Infinite loop in parsing (CVE-2023-24537)
* golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The Migration Toolkit for Containers (MTC) 1.7.10 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)\n\n* golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)\n\n* golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)\n\n* golang: go/parser: Infinite loop in parsing (CVE-2023-24537)\n\n* golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). 
If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:3624", "url": "https://access.redhat.com/errata/RHSA-2023:3624" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2184481", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184481" }, { "category": "external", "summary": "2184482", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184482" }, { "category": "external", "summary": "2184483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184483" }, { "category": "external", "summary": "2184484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184484" }, { "category": "external", "summary": "2196027", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027" }, { "category": "external", "summary": "2204461", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2204461" }, { "category": "external", "summary": "2210565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210565" }, { "category": "external", "summary": "2212528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212528" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3624.json" } ], "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.10 security and bug fix update", 
"tracking": { "current_release_date": "2024-12-17T22:21:12+00:00", "generator": { "date": "2024-12-17T22:21:12+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2023:3624", "initial_release_date": "2023-06-15T09:48:09+00:00", "revision_history": [ { "date": "2023-06-15T09:48:09+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-06-15T09:48:09+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T22:21:12+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "8Base-RHMTC-1.7", "product": { "name": "8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhmt:1.7::el8" } } } ], "category": "product_family", "name": "Red Hat Migration Toolkit" }, { "branches": [ { "category": "product_version", "name": "rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "product": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.10-5" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", "product": { "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", 
"product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.10-2" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "product": { "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.10-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "product": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.10-2" } } }, { "category": "product_version", "name": 
"rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "product": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.10-2" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "product": { "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.10-2" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "product": { "name": "rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "product_identification_helper": { "purl": 
"pkg:oci/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.10-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "product": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.10-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "product": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.10-2" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "product": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", 
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.10-2" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "product": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.10-2" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64", "product": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64", "product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.10-2" } } }, { "category": "product_version", "name": 
"rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.10-2" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.10-2" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "product_id": 
"rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.10-2" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "product": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.10-2" } } }, { "category": "product_version", "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64", "product": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64", "product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.10-2" } } } ], 
"category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64" }, "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64" }, "product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64" }, "product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": 
"rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64" }, "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64" }, "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64" }, "product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64 as a component of 8Base-RHMTC-1.7", "product_id": 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64" }, "product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64" }, "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64" }, "product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64" }, "product_reference": 
"rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64" }, "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": 
"default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": 
"rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" }, "product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-24534", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-04-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2184483" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. 
By sending a specially crafted request, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, net/textproto: denial of service from excessive memory allocation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24534" }, { "category": "external", "summary": "RHBZ#2184483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184483" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24534", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24534" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24534", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24534" }, { "category": "external", "summary": "https://go.dev/issue/58975", "url": "https://go.dev/issue/58975" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8" } ], 
"release_date": "2023-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T09:48:09+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3624" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http, net/textproto: denial of service from excessive memory allocation" }, { "cve": "CVE-2023-24536", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-04-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2184482" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption", "title": "Vulnerability summary" }, { "category": "other", "text": "For Red Hat Enterprise Linux,\n\n* Conmon uses Go in unit testing, but not functionally in the package. 
Go is used only in test files, hence, not in the actual code, thus, conmon is not-affected.\n* The CVE refers to multipart form parsing routine mime/multipart.Reader.ReadForm, which is not used in Grafana, hence it is not-affected.\n* Butane does not parse multipart forms, hence, it is also not-affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24536" }, { "category": "external", "summary": "RHBZ#2184482", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184482" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24536", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24536" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24536", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24536" }, { "category": "external", "summary": "https://go.dev/issue/59153", "url": "https://go.dev/issue/59153" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8" } ], 
"release_date": "2023-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T09:48:09+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3624" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption" }, { "cve": "CVE-2023-24537", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2023-04-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2184484" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: go/parser: Infinite loop in parsing", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24537" }, { "category": "external", "summary": "RHBZ#2184484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184484" }, { "category": 
"external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24537", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24537" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24537", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24537" }, { "category": "external", "summary": "https://github.com/golang/go/issues/59180", "url": "https://github.com/golang/go/issues/59180" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8" } ], "release_date": "2023-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T09:48:09+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3624" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: go/parser: Infinite loop in parsing" }, { "cve": "CVE-2023-24538", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2023-04-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2184481" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: html/template: backticks not treated as string delimiters", "title": "Vulnerability summary" }, { "category": "other", "text": "The described issue involving Go templates and JavaScript template literals poses a moderate severity rather than an important one due to several mitigating factors. Firstly, the vulnerability requires specific conditions to be met: the presence of Go templates within JavaScript template literals. 
This limits the scope of affected codebases, reducing the likelihood of exploitation. Additionally, the decision to disallow such interactions in future releases of Go indicates a proactive approach to addressing the issue. Furthermore, the affected packages or components within Red Hat Enterprise Linux, such as Conmon, Grafana, and the RHC package, have been assessed and determined not to be impacted due to their specific usage patterns. So the limited scope of affected systems and the absence of exploitation vectors in specific components within Red Hat Enterprise Linux contribute to categorizing the severity of the issue as moderate.\n\nFor Red Hat Enterprise Linux,\n\n* Conmon uses Go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not affected.\n* The Go templates in Grafana do not contain any JavaScript. Thus, it is not affected.\n* The rhc package does not make use of html/template. Hence, it is also not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2023-24538" }, { "category": "external", "summary": "RHBZ#2184481", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184481" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24538", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24538" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24538", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24538" }, { "category": "external", "summary": "https://github.com/golang/go/issues/59234", "url": "https://github.com/golang/go/issues/59234" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8" } ], "release_date": "2023-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T09:48:09+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3624" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: html/template: backticks not treated as string delimiters" }, { "acknowledgments": [ { "names": [ "Juho Nurminen" ], "organization": "Mattermost" } ], "cve": "CVE-2023-24540", "cwe": { "id": "CWE-176", "name": "Improper Handling of Unicode Encoding" }, "discovery_date": "2023-05-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2196027" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: html/template: improper handling of JavaScript whitespace", "title": "Vulnerability summary" }, { "category": "other", "text": "For Red Hat Enterprise Linux,\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected containers are behind OpenShift OAuth authentication. 
This restricts access to the vulnerable golang html/templates to authenticated users only, therefore the impact is low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24540" }, { "category": "external", "summary": "RHBZ#2196027", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24540", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24540" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540" }, { "category": "external", "summary": "https://go.dev/issue/59721", "url": "https://go.dev/issue/59721" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU" } ], "release_date": "2023-04-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T09:48:09+00:00", "details": 
"Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3624" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:fdd27f3cb68a541b704fa014e7ea564583307743a4d31032cad01268dddf55bc_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:9fea1718dc2fe0dd2735750df6d16921086e2593da3c8de2272584f1b976c6ee_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ea7911f8d680f1a827fdd29fc67c5b5d0d5f420fd09baa930809ef4fa38ae6ab_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:d768e09a2ab2d6906d63612488d32180d1c6270804c0bcc9fa6f89bbd7f04193_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fdf17820034efd0f7f76274798518bcea6c9483c8de8804f5a56b651ef77e717_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:edfff81bc56194aea84e3b80fa550b439c266df3fc81c58c111e5972b670f7ae_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:20d278777ec6758913a21946f57ea207fd924f84085f6bf9ea51cd94eaae24ca_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:3200f7f9624ad8aee46d0e3ebf6c04464b277cac4da67075863c2f4f0b33aaff_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:41c5da49059d19beb97ec9d9fd4542120af73d488ffdc1d611c9774bf1f7c79a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:b172c46f467a7813bed75b04dd82c24be0092e1ea2c74a45a8f82ce895876e81_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:926a4c07b2a4223264fa1455f3f056d94a9dc52885713978ff8586e8caa2eff5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:6097ccca550816d040055dd4878d17cc0996d47a436f06296fe5d26c5862e1f5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:1b4eb48d9aa6b63cd6409fa5b77eb769a2ed4bc257a4058d1a07a66ea95039a5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:9ef09a93b6910806b2952b9d50c5a61ae6f2c7284c439f61bf303d2e893c8c22_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:6da71292aa6f83b0c6cc113c6c05b2224ba2b3f90de62d69843cf6399558551e_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:346fa63bcbdc03896e91b2ee3318e062b4deb7fe9183135c7841d0da69c3690c_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:916d5fd70f5eb58931927d44e05e2287ce85f04ac3bdefde78b6522214a0286e_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang: html/template: improper handling of JavaScript whitespace" } ] }